After configuring the VPN in VPN-Manager install validation fails with the error:

The reason for failure is that to newly added peer FortiGate to VPN Manager has a dynamic IP address ( i.e. mode is set to DHCP) on the interface used as VPN Interface.

This can be resolved in two ways:

1. Set public_ip in the VPN-Manager.
2. Use Dynamic DNS on FortiGate Interface (recommended).

1. Set public_ip in the VPN-Manager:

• Go under VPN-Manager -> IPSec VPN Communities, 'Right-Click' on VPN Community, Select Configure Gateways, Select the FortiGate with dynamic IP address and Select Edit:

• Expand 'Advanced Options' and set the 'public_ip' which is the DHCP reserved IP address of the FortiGate interface used for VPN:

• Interface IP address can be obtained from FortiManager -> Device Manager -> Device & Groups, Select the FortiGate -> Network -> Interfaces OR from the FortiGate -> Network -> Interfaces.
• Use the Install Wizard to push the config to FortiGate.
• Install config now does not give the error and the remote-gw IP is present:

2. Use Dynamic DNS on FortiGate Interface:

• Login to the FortiGate with dynamic IP and follow the article below to configure Dynamic DNS:
  Technical Tip: How to configure Dynamic DNS Fortigate

• This can also be set in FortiManager -> Device Manager -> Device & Groups, Select the FortiGate with dynamic IP -> Network -> DNS, Enable FortiGuard DDNS, create Dynamic DNS entry, and then, push the change to the FortiGate.

• In FortiManager using the Install Wizard push the VPN config to the FortiGate.

• Install validation does not give any error.

• remotegw-dns has now the Domain of the interface used as the VPN interface used on the peer FortiGate.

Related documents:

VPN Manager

DDNS Support

Displaying the device database