FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sha-1_FTNT
Staff
Staff
Description
As of FortiOS 5.6.3 & 6.0, a new behavior is implemented for route-based IPsec dialup tunnels.
As of FortiOS 6.2.1, this behavior is implemented for ADVPN shortcuts


Scope
Dialup phase1 :

FortiOS 5.6.3 and above
FortiOS 6.0 and above

Static phase1 (for ADVPN shortcuts):

FortiOS 6.2.1 and above

Solution
This behavior is controlled by two new CLI settings:

    config vpn ipsec phase1-interface
    edit <ph1-name>
         set type { dynamic | static }
         set net-device { disable* | enable }
         set tunnel-search { selectors* | nexthop }
         ( ... )
    end


These settings and their corresponding behaviors are detailed in the PDF file available in the Attachments section.

Contributors