Description | This article describes how to install a new user into a group used by an IPsec dial-up VPN setup from FortiManager. |
Scope | FortiManager, FortiGate. |
Solution |
In a standard IPsec dial-up VPN configuration, users are not referenced in firewall policies. The user group is usually only added to the IPsec configuration. See Technical Tip: IPsec dial-up full tunnel with FortiClient for more information.
With this configuration in place, when a new user is added to a VPN group from FortiManager, FortiManager cannot detect the change and therefore will not install the new user to FortiGate.
Example:
The following image shows part of the VPN IPsec dial-up configuration from the FortiManager side:
Standard policy for VPN IPsec dial-up.
Then create a new user and assign it to the group used in the VPN configuration.
Try to install the update from FortiManager to FortiGate.
Because the VPN group is not referenced in a firewall policy, FortiManager does not detect any change in the policy package, so the user is not pushed to FortiGate.
To solve this, add the user group to the VPN firewall policy, or to all the firewall policies as needed. The new user can then be pushed from FortiManager to FortiGate.
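The following check is an added example, not part of the original article or any Fortinet tooling. It scans FortiGate-style CLI configuration text and lists user groups that are used for dial-up authentication but referenced by no firewall policy, which is the condition described above. It assumes the phase 1 interface names its group with `set authusrgrp` and policies name theirs with `set groups`; the sample configuration and the names `dialup-vpn` and `VPN-Users` are constructed.

```python
import shlex

# Constructed sample configuration; object names are illustrative only.
SAMPLE_CONFIG = '''
config vpn ipsec phase1-interface
    edit "dialup-vpn"
        set type dynamic
        set authusrgrp "VPN-Users"
    next
end
config firewall policy
    edit 1
        set srcintf "dialup-vpn"
        set dstintf "port1"
        set action accept
    next
end
'''

def collect(config, section, keyword):
    """Return every value assigned with `set <keyword>` in top-level `config <section>` blocks."""
    values, depth, inside = set(), 0, False
    for line in config.splitlines():
        tokens = shlex.split(line)          # handles quoted names with spaces
        if not tokens:
            continue
        if tokens[0] == "config":
            depth += 1
            if depth == 1:                  # only top-level sections are matched
                inside = " ".join(tokens[1:]) == section
        elif tokens[0] == "end":
            depth -= 1
            inside = inside and depth > 0   # leaving the top-level section
        elif inside and depth == 1 and tokens[:2] == ["set", keyword]:
            values.update(tokens[2:])
    return values

def unreferenced_vpn_groups(config):
    """Groups used for dial-up authentication but absent from every firewall policy."""
    vpn = collect(config, "vpn ipsec phase1-interface", "authusrgrp")
    policy = collect(config, "firewall policy", "groups")
    return sorted(vpn - policy)
```

A non-empty result means users added to those groups will not be installed until the group is added to a firewall policy.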