Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sha-1_FTNT
Staff
Staff

Created on ‎06-28-2018 05:41 AM

Technical Tip: 'set net-device' new route-based IPsec logic

Description
As of FortiOS 5.6.3 & 6.0, a new behavior is implemented for route-based IPsec dialup tunnels.
As of FortiOS 6.2.1, this behavior is implemented for ADVPN shortcuts


Scope
Dialup phase1 :

FortiOS 5.6.3 and above
FortiOS 6.0 and above

Static phase1 (for ADVPN shortcuts):

FortiOS 6.2.1 and above

Solution
This behavior is controlled by two new CLI settings:

    config vpn ipsec phase1-interface
    edit <ph1-name>
         set type { dynamic | static }
         set net-device { disable* | enable }
         set tunnel-search { selectors* | nexthop }
         ( ... )
    end

These settings and their corresponding behaviors are detailed in the PDF file available in the Attachments section.

Preview file
1498 KB
29963
Contributors

Contact Us