Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sha-1_FTNT
Staff
Staff

Created on ‎06-28-2018 05:41 AM Edited on ‎03-28-2023 04:47 AM By Community Manager

Technical Tip: 'set net-device' new route-based IPsec logic

Description

 

This article describes that, as of FortiOS 5.6.3 and 6.0, a new behavior is implemented for route-based IPsec dialup tunnels.
As of FortiOS 6.2.1, this behavior is implemented for ADVPN shortcuts.
 
Scope

 

Dialup phase1 :
FortiOS 5.6.3 and above.
FortiOS 6.0 and above.
This option is removed from FortiOS 7.0.0 and above.
 
Static phase1 (for ADVPN shortcuts):
FortiOS 6.2.1 and above.

This option is removed from  FortiOS 7.0.0 and above.


Solution

 

This behavior is controlled by two new CLI settings:

# config vpn ipsec phase1-interface
    edit <ph1-name>
         set type { dynamic | static }
         set net-device { disable* | enable }
         set tunnel-search { selectors* | nexthop }
         ( ... )
    end

These settings and the corresponding behaviors are detailed in the PDF file available in the Attachments section.
Preview file
1498 KB
40470
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.