AnthonyH
Staff
Article Id 332324
Description This article describes how to migrate an existing IPsec tunnel interface that is built on one interface over to another interface.
Scope FortiGate.
Solution

Consider a scenario where there is an established site-to-site IPsec VPN between two FortiGates, the tunnel has been built off WAN1, and the goal is to migrate the IPsec tunnel interface over to WAN2.

FGT_A’s IPsec tunnel is currently built off WAN1, as shown under Network -> Interface -> Expand WAN1:

WAN1_IPSec.png

Under VPN -> IPsec Tunnels, the outgoing interface is using WAN1:

WAN1_Configuration.png

To migrate the tunnel over to WAN2 on FGT_A, select WAN2 as the outgoing interface:

WAN2_Migrated.png

After the new outgoing interface is selected, the tunnel interface has been migrated over to WAN2:

WAN2_Interface_ipsec.png

Note that the remote gateway address for FGT_A has changed, which means that on FGT_B the IP address in the IPsec tunnel's network configuration needs to reflect the new gateway:

IPsec_configuration_update.png
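
A consistency check for this last step, as an added example that is not part of the original article: it reads configuration backups from both units and confirms that the `remote-gw` on FGT_B equals the IP address of the interface that FGT_A's tunnel now uses. The tunnel names, addresses and configuration excerpts are constructed, and static WAN addressing with no NAT between the peers is assumed.

```python
def parse_table(config_text, table_path):
    """Parse one top-level 'config <table_path>' table into {entry: {key: value}}."""
    entries, current, in_table, depth = {}, None, False, 0
    for line in map(str.strip, config_text.splitlines()):
        if not in_table:
            in_table = line == f"config {table_path}"
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside an entry: skipped
        elif line == "end":
            in_table, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return entries

def check_migration(local_cfg, peer_cfg, local_tunnel, peer_tunnel):
    """Compare the IP of the local tunnel's outgoing interface with the peer's remote-gw."""
    out_if = parse_table(local_cfg, "vpn ipsec phase1-interface")[local_tunnel]["interface"]
    local_ip = parse_table(local_cfg, "system interface")[out_if]["ip"].split()[0]
    peer_gw = parse_table(peer_cfg, "vpn ipsec phase1-interface")[peer_tunnel]["remote-gw"]
    return {"interface": out_if, "local_ip": local_ip, "peer_remote_gw": peer_gw, "match": local_ip == peer_gw}

# Constructed configuration excerpts: documentation addresses, hypothetical tunnel names.
FGT_A = """
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
    next
    edit "wan2"
        set ip 198.51.100.10 255.255.255.0
    next
end
config vpn ipsec phase1-interface
    edit "to_FGT_B"
        set interface "wan2"
    next
end
"""
FGT_B_TEMPLATE = """
config vpn ipsec phase1-interface
    edit "to_FGT_A"
        set remote-gw {gw}
    next
end
"""
FGT_B_STALE = FGT_B_TEMPLATE.format(gw="203.0.113.10")    # FGT_A's old WAN1 address
FGT_B_UPDATED = FGT_B_TEMPLATE.format(gw="198.51.100.10")  # FGT_A's new WAN2 address
```

`check_migration(FGT_A, FGT_B_STALE, "to_FGT_B", "to_FGT_A")` reports `match: False` until the remote gateway on FGT_B is changed to the WAN2 address.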
