Heyho,
just ran into this:
On my FortiManager in an adom I added an IPSec VPN provisioning template in device manager. This has a phase1 and also a phase2. I had no problems with phase1. But I do have a big problem with phase2:
I need to enter the selectors (dst-subnet and src-subnet) and I do enter the correct ones. However it doesn't matter wether i input them in the form subnet/suffix or subnet,suffix. When I click apply it says its invalid.
If I create the phase2 without templete and the same subnets it works fine.
Any clues?
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hello :)!,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
I hope you are doing well.
I have the answer to troubleshoot an issue where the IPsec phase 2 is partly broken in FortiManager's IPsec provisioning templates:
This is due to the irritating way of FMG displaying the selectors in a template:
FMG itself in a template lists selectors in format <subnet>,<mask> but it doesn't accept this format as input. You have to input <subnet> <mask> or maybe <subnet>/<mask> to have it accepted but when you reopen the phase2 afterwards it is dispayes as <subnet>,<mask>.
There also is no notice around there which format you should enter.So you have to know it.
Only FortiNet know why they do different in template then in Device manager's VPN Settings....
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.