Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
aahmadbasri
Staff
Staff

Created on ‎04-11-2023 09:41 PM

Article Id 252079

Technical Tip : IPsec interface not available in policy (policy based ipsec)

Description

This article describes the issue to configure a policy for policy-based IPsec VPN, where the VPN tunnel is not available in the drop-down list of VPN Tunnel.
Scope Policy-based, IPsec, and VPN.
Solution

In order to create the policy, the physical wan interface of the IPsec should be selected in order to be able to select the VPN tunnel.

 

In this example, the IPsec interface is port1:

 

KB4_2.png

 

The IPsec will not be available if selecting the outgoing interface as 'any' or multiple outgoing interfaces, although the physical interface has been included.

 

Example 1: Outgoing interface 'any'.

 

KB4_5.png

 

Example 2: Multiple outgoing interfaces.

 

KB4_4.png

 

For this case, the correct configuration is to only select port 1 as the outgoing interface.  

 

KB4_3.png

 

Note:

For the SD-WAN case, only the respective zone is to be selected as the outgoing interface. 
1943
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.