FortiGate
sharmaj
Staff
Description

This article describes the manual changes that need to be made for L2TP over IPsec after a firmware upgrade.
Scope  
Solution

To make L2TP over IPsec work after upgrading:

Add a static route for the IP range configured in vpn l2tp.

 

For example, if the L2TP setting in the previous version's root VDOM is:

 

# config vpn l2tp
    set eip 192.168.0.254
    set sip 192.168.0.1
    set status enable
    set usrgrp "L2tpusergroup"
end

 

Add a static route after upgrading.

 

# config router static
    edit 1
        set dst 192.168.0.0 255.255.255.0
        set device "l2tp.root"
    next
end

 

Change the firewall policy source interface tunnel name to l2tp.root.

l2tp.root refers to the interface that is defined for the L2TP IPsec tunnel inside the (dedicated) VDOM.

 

This interface is used as the source interface in the policy, so traffic arriving from it is checked and judged according to the policy created.
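The static route above can be derived from the old L2TP settings instead of typed by hand. The following is an added example, not Fortinet code: it reads sip/eip from a saved `config vpn l2tp` block and prints the matching `config router static` stanza. The function names, the route ID default and the embedded sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the pre-upgrade L2TP block shown in this article.
SAMPLE_L2TP = '''config vpn l2tp
    set eip 192.168.0.254
    set sip 192.168.0.1
    set status enable
    set usrgrp "L2tpusergroup"
end
'''

def l2tp_range(config_text):
    """Return (sip, eip) as strings from a 'config vpn l2tp' block."""
    vals = dict(re.findall(r"^\s*set\s+(sip|eip)\s+(\S+)", config_text, re.M))
    if "sip" not in vals or "eip" not in vals:
        raise ValueError("sip/eip not found in vpn l2tp block")
    return vals["sip"], vals["eip"]

def covering_network(sip, eip):
    """Smallest single subnet that contains both ends of the L2TP range."""
    start, end = ipaddress.IPv4Address(sip), ipaddress.IPv4Address(eip)
    if start > end:
        raise ValueError("sip is higher than eip")
    net = ipaddress.ip_network(f"{start}/32")
    while end not in net:
        net = net.supernet()  # widen by one prefix bit until eip fits
    return net

def static_route(config_text, route_id=1, device="l2tp.root"):
    """Build the post-upgrade static route stanza for the L2TP range."""
    net = covering_network(*l2tp_range(config_text))
    return "\n".join([
        "config router static",
        f"    edit {route_id}",
        f"        set dst {net.network_address} {net.netmask}",
        f'        set device "{device}"',
        "    next",
        "end",
    ])

if __name__ == "__main__":
    print(static_route(SAMPLE_L2TP))
```

When sip and eip do not fall on a subnet boundary, the covering subnet is wider than the address pool, so review the generated destination before applying it.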

 

 

 

 
