FortiGate
emmanouilg
Staff
Article Id 215203
Description This article describes how to set up the FortiGate as an L2TP client.
Scope Small business FortiGate units such as 30E, 40F, 100F.
Solution

The FortiGate can be set up as an L2TP client only through CLI as follows:

 

Note: This option is only available in standalone mode. With HA, it would set up an L2 broadcast loop, since L2TP is an L2 protocol.

 

config system interface
    edit "wan"
        set status up
        set l2tp-client enable
        set l2forward enable
        config l2tp-client-settings
            set auth-type auto
            set defaultgw enable
            set mtu 1460
            set user <user_name>
            set password <password>
            set peer-host <host_IP_address>
            set peer-port <peer_port>    <-- Specify the port used to connect to L2TP peers, default is 1701.
        end
    next
end

 

This feature is available only in small business units such as 30E, 40F, 100F, etc.

 

If the L2TP client does not connect, use the following debug, sniffer, and diagnostic commands to troubleshoot.

 

Debug:

 

diagnose debug disable
diagnose debug reset
diagnose debug application l2tpcd -1
diagnose debug application ppp -1
diagnose debug console timestamp enable
diagnose debug enable

 

Once the debug log capture has completed, run the following commands to disable debug:


diagnose debug reset
diagnose debug disable


Sniffer:


diagnose sniffer packet any "host <Peer-host-ip> and port <Peer-host-port>" 6 0 l

 

Stop sniffer at any time with CTRL+C.

 

Diagnostic command:

 

diagnose test application l2tpcd 1

 

Note: The L2TP client feature does not support L2TP over IPsec.
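
Because the client does not run L2TP over IPsec, the control messages in the sniffer capture above are readable and show where tunnel setup stops. The following is an added example, not Fortinet code: it decodes the L2TPv2 header defined in RFC 2661 and reports the first setup message missing from a capture. It assumes the UDP payload bytes have already been extracted from the sniffer hex output; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Control message types (RFC 2661, section 3.2) that appear during setup and teardown.
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO",
             10: "ICRQ", 11: "ICRP", 12: "ICCN", 14: "CDN"}
# Order of a successful tunnel setup followed by session setup.
SETUP_ORDER = ["SCCRQ", "SCCRP", "SCCCN", "ICRQ", "ICRP", "ICCN"]

def decode_l2tp(payload: bytes) -> dict:
    """Decode the L2TPv2 header of one UDP payload (RFC 2661, section 3.1)."""
    if len(payload) < 6:
        raise ValueError("too short for an L2TP header")
    (flags,) = struct.unpack_from("!H", payload, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    is_control, has_len, has_seq = flags & 0x8000, flags & 0x4000, flags & 0x0800
    if has_len and len(payload) < 8:
        raise ValueError("truncated header")
    off, length = 2, None
    if has_len:                                  # L bit: Length field present
        (length,) = struct.unpack_from("!H", payload, off)
        off += 2
    tunnel_id, session_id = struct.unpack_from("!HH", payload, off)
    off += 4
    out = {"tunnel_id": tunnel_id, "session_id": session_id}
    if not is_control:                           # T bit clear: data message carrying PPP
        return {**out, "kind": "data"}
    if not (has_len and has_seq) or not 12 <= length <= len(payload):
        raise ValueError("malformed control header")
    out["ns"], out["nr"] = struct.unpack_from("!HH", payload, off)
    off += 4
    if length == off:                            # header only: zero-length body ack
        return {**out, "kind": "ZLB"}
    if length < off + 8:
        raise ValueError("truncated Message Type AVP")
    # The first AVP of a control message is Message Type: vendor 0, attribute 0.
    flags_len, vendor, attr, value = struct.unpack_from("!HHHH", payload, off)
    if vendor != 0 or attr != 0 or flags_len & 0x03FF != 8:
        raise ValueError("first AVP is not Message Type")
    return {**out, "kind": MSG_TYPES.get(value, f"type {value}")}

def first_missing(payloads):
    """Name the first setup message absent from a capture, or None if all were seen."""
    seen = {decode_l2tp(p)["kind"] for p in payloads}
    return next((m for m in SETUP_ORDER if m not in seen), None)

# Constructed sample: the client retransmits SCCRQ and the peer never answers.
SCCRQ = bytes.fromhex("c802 0014 0000 0000 0000 0000 8008 0000 0000 0001")
print(first_missing([SCCRQ, SCCRQ, SCCRQ]))
```

A result of SCCRP means the peer never answered the client's request, which points at reachability, the peer-host address or the peer-port value rather than at the PPP credentials.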