Cannot ping from SSL-VPN to Branch Ipsec Local Network
Hello guys. I am currently doing a configuration migration from a FortiGate 310D v.4.xx to a FortiGate 300E v.5.6, and now I have a problem with connections from SSL-VPN to the branch IPsec site-to-site on the FortiGate 300E v.5.6 unit. My existing IPsec site-to-site configuration on the FortiGate 310D v.4 uses tunnel mode, not interface mode.
Below you can see the existing configuration chronology on the FortiGate 310D v.4.x, with a brief explanation:
1. The user connects/logs in to SSL-VPN; it works and gets an IP, no problem.
2. The IPsec site-to-site VPN connection between FG-HO and FG-Branch is working; I can ping all segments.
3. A user logged in via SSL-VPN who pings the local segments behind the IPsec FG-Branch: it works, can ping.
4. The policy rule for the connection from SSL-VPN to the IPsec branch is as follows:
   name : admin-ssl-vpn to FG-Branch
   incoming interface : ssl.root
   outgoing interface : wan1
   source : admin-ssl-vpn
   destination : local-network FG-Branch
   schedule : always
   service : ALL
   action : ipsec
   tunnel : toFG-Branch
5. Just a reminder: my IPsec site-to-site VPN configuration between FG-HO and FG-Branch uses type "Tunnel Mode/policy-based".
Now, if I apply the configuration above on my FortiGate 300E v.5.6 unit, when I create a policy from ssl.root to wan1, I cannot find an action for "IPsec", even though I have activated the ipsec-policy-based feature. So this means I cannot ping from SSL-VPN to the local network of FG-Branch.
* I want to ask whether the FortiGate 300E v.5.6 can still run the SSL-VPN to IPsec function in a tunnel-mode/policy-based configuration.
* If possible, please give me the steps to configure it on the FortiGate 300E v.5.6.
Thanks, Best regards, Apassa
