Hi
For IPsec Tunnel routes, I would like to add the destination information with Named Address, as I already created address groups containing various subnets and hosts.
However, it only shows the addresses for our internal VLAN, no other groups, and nothing can be added from here.
Not sure if it is a problem with the web interface or if I need to create the groups somewhere else (they were created in Policy & Objects), but it would be great if that worked instead of having to create all the routes separately by Subnet.
Thanks
Interface based VPN?
You are wanting to do routes based strictly on the named subnets? I always (if interface based ipsec) put a static route utilizing the subnets in question.
Mike Pruett
Should work in v5.4.x
Are the addresses by chance tied to an interface (other than "Any")?
Thanks both. Some clarifications: some IPsec sites have numerous subnets. I created the objects for each subnet and an object group containing the subnet objects.
When it comes to adding the static routes, instead of having to manually re-enter all the routes manually for each subnet, I thought that the 'Named Address' tab was exactly for that, as we already have a group defined.
@ede_pfau: we are in 5.4
The only addresses that show up when using the Named Address tab are for our internal Vlan and yes they have the LAN (port1) interface set.
I then tried to create a new object and assigned the VPN for interface, but it still does not appear in the Named Address tab. But I am also after the Address group, not an object only. When I create an address group that contains the object with the VPN for interface, it complains with "One or more members are associated with an interface, etc..."
So back to square one.
It is a shame it is not much easier to set up a site to site VPN!
It is a shame it is not much easier to set up a site to site VPN!
If it's numerous sites (spokes) and all are unique, you can do it easily with just dynamic routing. People seem to forget that this was designed to manage routing with better ease.
PCNSE
NSE
StrongSwan
You need to make sure in "Policy & Objects -> Addresses" the "Static route configuration" is enabled as well as in the "Address Group". Then it will show in the Static Route list.
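The setting from the last reply, written out as FortiOS CLI. This is an added example, not configuration posted in the thread: the object, group and tunnel names and the subnets are constructed, and it assumes `allow-routing` is the CLI option behind the GUI's "Static route configuration" toggle. The address objects are left without an interface binding, since the thread reports that a group rejects interface-bound members.

```text
# Constructed names and subnets; the tunnel interface "to-siteB" is hypothetical.
# No associated interface is set on the objects, so they can join the group.
config firewall address
    edit "SiteB-Net1"
        set subnet 10.20.1.0 255.255.255.0
        set allow-routing enable
    next
    edit "SiteB-Net2"
        set subnet 10.20.2.0 255.255.255.0
        set allow-routing enable
    next
end

# The group needs the same flag as its members.
config firewall addrgrp
    edit "SiteB-Subnets"
        set member "SiteB-Net1" "SiteB-Net2"
        set allow-routing enable
    next
end

# One static route covers every subnet in the group.
config router static
    edit 0
        set dstaddr "SiteB-Subnets"
        set device "to-siteB"
    next
end
```

Once the tunnel is up, `get router info routing-table static` should list one route per member subnet via the tunnel interface.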