Description | This article describes how to check and manipulate the priority of specific default routes for IPSec tunnels. |
Scope | FortiGate. |
Solution |
It is possible to configure a specific default route for establishing each IPsec tunnel, using the default-gw setting in the phase1-interface configuration.
For example:
# config vpn ipsec phase1-interface
    edit "XPTO_Tunnel"
        set type dynamic
        set interface "vlan100"
        set local-gw 1.1.1.1
        set mode aggressive
        set peertype one
        set net-device disable
        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1
        set dpd on-idle
        set wizard-type dialup-fortigate
        set peerid "peerxpto"
        set default-gw 1.1.1.2
        set psksecret 12345678
    next
end
To check this route, run the following command in the FortiGate CLI. Example output is attached here.
# get router info kernel
To increase the priority value of this route, apply the following configuration and then check the kernel routing table again:
# config vpn ipsec phase1-interface
    edit "XPTO_Tunnel"
        set default-gw-priority 100
    next
end
# get router info kernel |
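An added example (not part of the original article): a Python check that parses saved `get router info kernel` output and confirms that the default route through the tunnel's default-gw carries the configured default-gw-priority. The sample lines are constructed, and the key=value line layout and all function names are assumptions.

```python
import re

# Constructed sample of `get router info kernel` output (not from the article).
# The key=value layout is an assumption about how FortiOS prints kernel routes.
TEMPLATE = """\
tab=254 vf=0 scope=0 type=1 proto=11 prio=0 0.0.0.0/0.0.0.0/0->0.0.0.0/0 pref=0.0.0.0 gwy=10.0.0.254 dev=3(port1)
tab=254 vf=0 scope=0 type=1 proto=11 prio={prio} 1.1.1.1/255.255.255.255/0->0.0.0.0/0 pref=0.0.0.0 gwy=1.1.1.2 dev=12(vlan100)
tab=254 vf=0 scope=253 type=1 proto=2 prio=0 0.0.0.0/0.0.0.0/0->1.1.1.0/24 pref=1.1.1.1 gwy=0.0.0.0 dev=12(vlan100)
"""
SAMPLE_BEFORE = TEMPLATE.format(prio=0)    # before set default-gw-priority
SAMPLE_AFTER = TEMPLATE.format(prio=100)   # after set default-gw-priority 100

ROUTE_RE = re.compile(r"(?P<src>\S+)->(?P<dst>\S+)")
DEV_RE = re.compile(r"\d+\((?P<ifname>.+)\)")

def parse_kernel_routes(text):
    """Turn each route line into a dict; lines that are not routes are skipped."""
    routes = []
    for line in text.splitlines():
        fields = {}
        for token in line.split():
            if "=" in token:
                key, value = token.split("=", 1)
                fields[key] = value
            else:
                match = ROUTE_RE.fullmatch(token)  # the src->dst token
                if match:
                    fields.update(match.groupdict())
        if not {"gwy", "prio", "dst"} <= fields.keys() or not fields["prio"].isdigit():
            continue
        dev = DEV_RE.fullmatch(fields.get("dev", ""))
        fields["ifname"] = dev.group("ifname") if dev else None
        fields["prio"] = int(fields["prio"])
        routes.append(fields)
    return routes

def tunnel_gateway_priorities(text, gateway, interface):
    """Priorities of default routes (dst 0.0.0.0/0) via the tunnel's default-gw."""
    return [r["prio"] for r in parse_kernel_routes(text)
            if r["dst"] == "0.0.0.0/0" and r["gwy"] == gateway
            and r["ifname"] == interface]

def check_priority(text, gateway, interface, expected):
    """True only if the route exists and every match has the expected priority."""
    prios = tunnel_gateway_priorities(text, gateway, interface)
    return bool(prios) and all(p == expected for p in prios)

if __name__ == "__main__":
    print(check_priority(SAMPLE_AFTER, "1.1.1.2", "vlan100", 100))
```
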