FortiGate
mkirollos
Staff
Article Id 212942
Description

This article describes the scenario where the FortiGate L2TP configuration does not take effect.

In the GUI, the IPsec Wizard shows the warning 'Android Native and Windows Native remote device types have been disabled due to missing the L2TP firewall service'.


Scope

FortiGate, FortiWiFi.

Solution

The warning appears because the FortiGate has no firewall service defined for L2TP.

From the GUI, select 'Create L2TP service' to create the L2TP service.

From the CLI, verify whether the L2TP custom service exists by running the following command:

# show firewall service custom L2TP

If no L2TP service exists, the command returns the following output:

# show firewall service custom L2TP <----- Entry is not found in table.

To add the entry to the table, run the below set of commands:

# config firewall service custom
    edit "L2TP"
        set category "Tunneling"
        set tcp-portrange 1701
        set udp-portrange 1701
    next
end

If adding the L2TP custom service fails because the category 'Tunneling' does not exist, create the category first and then add the L2TP custom service, using the following commands:

# config firewall service category
    edit "Tunneling"
        set comment "Tunneling service."
    next
end

# config firewall service custom
    edit "L2TP"
        set category "Tunneling"
        set tcp-portrange 1701
        set udp-portrange 1701
    next
end

After running the above commands, it will be possible to create the L2TP tunnel successfully.
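The check above can be automated when auditing several units. The following Python script is an added example, not part of this article or of any Fortinet tool: it parses the output of 'show firewall service custom L2TP' and 'show firewall service category' (the sample outputs below are constructed in the FortiOS show format) and returns the CLI blocks still needed to reach the working configuration shown above.

```python
import re

# Constructed sample outputs of the two FortiOS 'show' commands (not captures from a real device).
SHOW_SERVICE_MISSING = "Entry is not found in table."
SHOW_SERVICE_PRESENT = """config firewall service custom
    edit "L2TP"
        set category "Tunneling"
        set tcp-portrange 1701
        set udp-portrange 1701
    next
end
"""
SHOW_CATEGORIES_NO_TUNNELING = 'config firewall service category\n    edit "General"\n    next\nend\n'

# The exact CLI blocks from the article, emitted when they are missing on the unit.
CATEGORY_BLOCK = ('config firewall service category\n    edit "Tunneling"\n'
                  '        set comment "Tunneling service."\n    next\nend')
SERVICE_BLOCK = ('config firewall service custom\n    edit "L2TP"\n'
                 '        set category "Tunneling"\n        set tcp-portrange 1701\n'
                 '        set udp-portrange 1701\n    next\nend')

def parse_custom_service(show_output):
    """Turn 'show firewall service custom <name>' output into a {setting: value} dict, or None if absent."""
    if "Entry is not found in table" in show_output:
        return None
    # Each 'set key value' line; quotes around the value are optional in FortiOS output.
    return {k: v for k, v in re.findall(r'^\s*set (\S+) "?([^"\n]+?)"?\s*$', show_output, re.M)}

def category_names(show_output):
    """Collect the category names from 'show firewall service category' output."""
    return set(re.findall(r'^\s*edit "([^"]+)"', show_output, re.M))

def l2tp_service_ok(svc):
    """True when the service covers TCP and UDP 1701, which is what the IPsec wizard expects."""
    return (svc is not None and svc.get("tcp-portrange") == "1701"
            and svc.get("udp-portrange") == "1701")

def remediation(service_output, category_output):
    """Return the CLI blocks (in order) required to get a usable L2TP service; empty if already fine."""
    if l2tp_service_ok(parse_custom_service(service_output)):
        return []
    steps = []
    if "Tunneling" not in category_names(category_output):
        steps.append(CATEGORY_BLOCK)   # category must exist before the service references it
    steps.append(SERVICE_BLOCK)
    return steps
```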
