FortiGate
aahmadbasri
Staff
Article Id 252079
Description

This article describes an issue encountered when configuring a firewall policy for a policy-based IPsec VPN: the VPN tunnel is not available in the VPN Tunnel drop-down list.

Scope

Policy-based, IPsec, and VPN.
Solution

To create the policy, select the physical WAN interface that the IPsec tunnel is bound to as the outgoing interface. Only then can the VPN tunnel be selected.

 

In this example, the IPsec interface is port1:

 

KB4_2.png

 

The IPsec tunnel will not be available if the outgoing interface is set to 'any' or to multiple interfaces, even when the physical interface is included in the selection.

 

Example 1: Outgoing interface 'any'.

 

KB4_5.png

 

Example 2: Multiple outgoing interfaces.

 

KB4_4.png

 

In this case, the correct configuration is to select only port1 as the outgoing interface.

 

KB4_3.png

 

Note:

In the SD-WAN case, select only the respective zone as the outgoing interface.
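
The outgoing-interface rule from the Solution section can also be checked offline against a configuration backup or a CLI script before it is pushed. The following is an added example, not Fortinet code and not part of the original article: it flags every policy with `set action ipsec` whose `dstintf` (the CLI name for the outgoing interface) is not exactly the interface of the referenced `config vpn ipsec phase1` entry. The tunnel name `to-branch`, the interface names and the helper names `parse` and `audit` are constructed for illustration, and the SD-WAN zone case from the note is not covered.

```python
import shlex
# Constructed FortiOS CLI excerpt; tunnel and interface names are sample values.
SAMPLE = '''
config vpn ipsec phase1
    edit "to-branch"
        set interface "port1"
    next
end
config firewall policy
    edit 1
        set dstintf "port1"
        set action ipsec
        set vpntunnel "to-branch"
    next
    edit 2
        set dstintf "any"
        set action ipsec
        set vpntunnel "to-branch"
    next
    edit 3
        set dstintf "port1" "port3"
        set action ipsec
        set vpntunnel "to-branch"
    next
end
'''

def parse(text, section):  # -> {entry: {key: [values]}} for one top-level table
    entries, depth, current = {}, 0, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config" and (depth or " ".join(tok[1:]) == section):
            depth += 1  # nested sub-tables raise depth and are skipped
        elif depth == 1 and tok[0] == "edit":
            current = entries.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
        elif depth and tok[0] == "end":
            depth -= 1
    return entries

def audit(text):  # -> [(policy id, dstintf, phase1 interface)] for rule-breaking policies
    tunnels = parse(text, "vpn ipsec phase1")
    findings = []
    for pid, p in parse(text, "firewall policy").items():
        expected = tunnels.get(p.get("vpntunnel", [""])[0], {}).get("interface", [])
        if p.get("action") == ["ipsec"] and p.get("dstintf") != expected:
            findings.append((pid, p.get("dstintf"), expected))
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports policies 2 and 3, which correspond to Example 1 and Example 2 above, and accepts policy 1.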