Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sha-1_FTNT
Staff
Staff

Created on ‎06-28-2018 05:41 AM Edited on ‎11-04-2024 11:14 AM By Moderator

Article Id 193618

Technical Tip: 'set net-device' new route-based IPsec logic

Description

 

This article describes that, as of FortiOS 5.6.3 and 6.0, a new behavior is implemented for route-based IPsec dialup tunnels.
As of FortiOS 6.2.1, this behavior is implemented for ADVPN shortcuts.
 
Scope

 

Dialup phase1 :
FortiOS 5.6.3 and above.
FortiOS 6.0 and above.
This option is removed from FortiOS 7.0.0 and above.
 
Static phase1 (for ADVPN shortcuts):
FortiOS 6.2.1 and above.

This option is removed from  FortiOS 7.0.0 and above.


Solution

 

This behavior is controlled by two new CLI settings:

config vpn ipsec phase1-interface
    edit <ph1-name>
         set type { dynamic | static }
         set net-device { disable* | enable }
         set tunnel-search { selectors* | nexthop }
         ( ... )
end

These settings and the corresponding behaviors are detailed in the PDF file available in the Attachments section.
 
Note: Version 6.0 up to 6.4 is out of engineering support. If these commands do not work look for a fresh guide on newer versions such as 7.0 and above. Here, check the upgrade path and compatibility of the device based on the hardware: Upgrade Path Tool Table.

Related articles:

Preview file
1498 KB
59792
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.