FortiGate
KC_Hing
Staff
Article Id 213078
Description

This article describes why customers see a different gateway IP in the Dashboard > Network > Static Routes view of the GUI when the next hop is the VPN tunnel interface.

Scope

FortiGate, 7.0

Solution

In FortiOS 7.0 firmware, IPsec routes are linked to the tunnels by the tunnel IDs, replacing the need to have a route tree in the IPsec tunnel list for selecting tunnels by next hop when net-device is disabled.

Consequently, the tunnel search option in phase1 was removed, because tunnels are now clearly identified by the tunnel ID and referenced in the routing table.

In 6.4:

The next hop is the VPN tunnel interface, and the gateway IP address is the remote IP address.

In 7.0:

The next hop is the VPN tunnel interface, and the gateway IP address shows the tunnel ID.

To identify the VPN tunnel ID:

# diagnose vpn tunnel list | grep tun_id
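
The lookup above as an added example (not from the original article): given saved `diagnose vpn tunnel list` output, find which tunnel a gateway value from the Static Routes view refers to. The sample lines, tunnel names and addresses are constructed, and the `name=` / `tun_id=` key=value layout of the output is an assumption.

```shell
#!/bin/sh
# Constructed sample of saved `diagnose vpn tunnel list` output.
# Tunnel names and addresses are made up; the field layout is assumed.
SAMPLE_TUNNEL_LIST='list all ipsec tunnel in vd 0
------------------------------------------------------
name=to-branch1 192.0.2.1:0->198.51.100.10:0 tun_id=198.51.100.10 tun_id6=::198.51.100.10
------------------------------------------------------
name=to-branch2 192.0.2.1:0->203.0.113.20:0 tun_id=10.0.0.1 tun_id6=::10.0.0.1
'

# tunnel_for_gateway GATEWAY [FILE]
# Prints the name of every tunnel whose tun_id equals GATEWAY.
# Reads FILE, or stdin when no FILE is given. Returns 1 if nothing matches.
tunnel_for_gateway() {
    gw=$1
    shift
    awk -v gw="$gw" '
        {
            name = ""; id = ""
            for (i = 1; i <= NF; i++) {
                # "^tun_id=" does not match the IPv6 field "tun_id6=".
                if ($i ~ /^name=/)   name = substr($i, 6)
                if ($i ~ /^tun_id=/) id   = substr($i, 8)
            }
            # Exact string compare, so 10.0.0.1 never matches 10.0.0.10.
            if (name != "" && id == gw) { print name; found = 1 }
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Stand-alone demonstration: which tunnel does gateway 10.0.0.1 refer to?
printf '%s\n' "$SAMPLE_TUNNEL_LIST" | tunnel_for_gateway 10.0.0.1
```
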
