Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ronmar
Staff
Staff

Created on ‎10-23-2024 12:20 AM Edited on ‎10-23-2024 12:35 AM By Moderator

Article Id 351708

Technical Tip: Unable to create a HUB template using IPSec Wizard

Description

This article describes an issue where the HUB option is greyed out when creating an ADVPN setup using IPSec Wizard.

 

HUB_grey.jpg
Scope FortiOS.
Solution

This is due to a Spoke configuration that is still present on the IPSec VPN configuration of the FortiGate.

 

Set_autodiscovery.jpg


To be able to select the HUB template, auto-discovery-receiver must be disabled.

 

config vpn ipsec phase1-interface

    edit <VPN_Name>

        set auto-discovery-receiver disable

end

 

Or:

 

Delete the whole IPSec VPN phase1-interface configuration.

 

Note: All the references of the IPSec Phase1-interface must be deleted first for us to be able to delete the whole IPSec Phase1-interface tunnel including the Firewall policies and Phase2-interface.

 

After doing one of the steps above, the HUB template can be selected again on the IPSec Wizard.

 

HUB.jpg

 

Related article:

Troubleshooting Tip: 'Unable to setup VPN' error when using IPsec Wizard Hub-and-Spoke template 
Labels:
319
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.