FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
smkml
Staff
Article Id 364458
Description

 

This article describes how to troubleshoot an installation failure when using the Remote Access topology in VPN Manager.

 

Related error:


FGT-HUB $ config vpn ipsec phase1-interface

FGT-HUB (phase1-interface) $ edit "test-rem_0"

FGT-HUB (test-rem_0) $ set type dynamic

FGT-HUB (test-rem_0) $ set interface "port1"

FGT-HUB (test-rem_0) $ set ike-version 2

FGT-HUB (test-rem_0) $ set comments "[created by FMG VPN Manager]"

FGT-HUB (test-rem_0) $ set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256

FGT-HUB (test-rem_0) $ set keylife 28800

FGT-HUB (test-rem_0) $ set peertype any

FGT-HUB (test-rem_0) $ set mode-cfg enable

FGT-HUB (test-rem_0) $ set net-device disable

FGT-HUB (test-rem_0) $ set assign-ip-from name

FGT-HUB (test-rem_0) $ set ipv4-dns-server1 172.21.167.163

FGT-HUB (test-rem_0) $ set ipv4-split-include "MGT_NETWORK"

FGT-HUB (test-rem_0) $ set ipv4-name "test-ip"

entry not found in datasource

 

value parse error before 'test-ip'

Command fail. Return code -3

FGT-HUB (test-rem_0) $ set psksecret **********

FGT-HUB (test-rem_0) $ next

Must set IPv4 or IPv6 name.

object check operator error, -45, discard the setting

Command fail. Return code 1

FGT-HUB (phase1-interface) $ end

 

Scope

 

FortiManager, FortiGate


Solution

 

  1. VPN Manager Remote Access Topology configuration: Go to VPN Manager -> Create New -> Remote Access.

 

remote access topology configuration.gif

  2. Gateway configuration: After creating the Remote Access community, add a gateway through VPN Manager -> Select Remote Access community -> Create New -> Managed Gateway.

 

gateway configuration.gif

  3. Specifically, enable IP Assignment and use Address/Address Group mode: go to VPN Manager -> Select Remote Access community -> Created gateway -> Enable IP Assignment -> Select Address/Address Group in IP Assignment mode.

 

enable ip assignment.png

 

  4. Ensure the Client Address Range address is an IP Range type of address. Go to Policy & Objects -> Object Configurations -> Firewall Objects -> Addresses.

 

ip range type address.png

 

  5. Selecting any other type will cause the installation to fail. The behavior of FortiGate confirms this: when the same setting is selected by command on the FortiGate, only IP Range type addresses are shown.

 

ipv4-name from FGT.png

address type in FGT.png
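A pre-install check for the condition described in the last two steps, added here as an example (it is not Fortinet's code): it reads a FortiGate configuration in CLI syntax and reports every phase1-interface entry whose ipv4-name points to an address that is not of type iprange. The sample configuration, the vpn-pool and ok-rem_0 names, the function names, and the treatment of an address without `set type` as the default ipmask type are assumptions; address groups are not resolved.

```python
# Constructed sample in FortiOS CLI syntax; only test-rem_0 and test-ip come from the article.
SAMPLE_CONFIG = '''
config firewall address
    edit "test-ip"
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "vpn-pool"
        set type iprange
        set start-ip 10.10.20.10
        set end-ip 10.10.20.50
    next
end
config vpn ipsec phase1-interface
    edit "test-rem_0"
        set assign-ip-from name
        set ipv4-name "test-ip"
    next
    edit "ok-rem_0"
        set assign-ip-from name
        set ipv4-name "vpn-pool"
    next
end
'''

def parse_table(config, path):
    """Return {entry: {setting: value}} for one flat 'config <path>' table (no nested blocks)."""
    entries, current, inside = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == "config " + path
        elif line == "end":
            break
        elif line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return entries

def check_ipv4_name(config):
    """List (tunnel, address, type) where ipv4-name is not an iprange address (assumed default: ipmask)."""
    addresses = parse_table(config, "firewall address")
    findings = []
    for tunnel, cfg in parse_table(config, "vpn ipsec phase1-interface").items():
        ref = cfg.get("ipv4-name")
        if cfg.get("assign-ip-from") == "name" and ref is not None:
            kind = addresses.get(ref, {"type": "undefined"}).get("type", "ipmask")
            if kind != "iprange":
                findings.append((tunnel, ref, kind))
    return findings
```

Each tuple returned by `check_ipv4_name` names a tunnel whose installation would hit the `entry not found in datasource` error shown under Related error.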
