Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dan_Eng52
Contributor

Created on ‎11-22-2024 07:46 AM

FortiSASE Portal - VPNs available to users

Hi all, 

 

I hope you're well. 

 

I am testing FortiSASE and have setup and working as I would like however, I would like to run some alternative IPsec VPNs as well as the SIA into FortiSASE. Within the SASE portal I have added the IPsec VPN into the "VPNs available to users" section and this Endpoint Profile is pushed out to my device. 

 

Edit VPN.jpg

 

The problem is that within the portal I cannot find any section whereby I can specify my VPN settings and even though this VPN gets pushed to my device I am unable to adjust the VPN settings within FortiClient as they're greyed out and therefore I can't get the VPN working. 

 

VPN Settings.jpg

 

Is there anyone that has configured other VPNs in the Endpoint Profile that can help me locate these settings or tell me how I can push the IPsec VPN settings I require to the device from the profile? 

Thanks, 

Dan. 

Labels:
504
0 Kudos
9 REPLIES 9
Jean-Philippe_P
Moderator
Moderator

Created on ‎11-24-2024 10:43 PM

Hello Dan_Eng52, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
450
Dan_Eng52
Contributor
In response to Jean-Philippe_P

Created on ‎11-26-2024 04:13 AM

Hi Jean-Philippe_P, 

 

That would be great, thank you! 

Cheers, 

Dan. 

416
Jean-Philippe_P
Moderator
Moderator

Created on ‎11-28-2024 02:53 AM

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Jean-Philippe - Fortinet Community Team
377
0 Kudos
sjoshi
Staff
Staff

Created on ‎11-28-2024 03:03 AM

Hi Dan_Eng52,

 

Do you want to setup another VPN profile in the endpoint or want to edit this specific profile.

https://docs.fortinet.com/document/fortisase/latest/administration-guide/209451/profiles

 

You can only change those parameters what is available from the SASE and if anything more you want to change that needs to be done from the backend EMS for which you can raise a Fortinet ticket and request the support to check on the possibility.

Let us know if this helps.
Salon Raj Joshi
373
Dan_Eng52
Contributor
In response to sjoshi

Created on ‎11-28-2024 08:02 AM

Hi Salon Raj Joshi, 

 

Thanks for your response. 

 

I want to setup another VPN connection for the user to be able to use and connect to within the endpoint profile. I can do this (As shown in my screenshots in original post) however, I am unable to change the VPN Setting, Phase 1 and Phase 2 so although it gets pushed to the device I can't connect as the proposals are incorrect. 

 

Is there a way that I can push the correct proposals out to the device for the VPN that I have configured in the endpoint profile? 

 

Regards, 

Dan. 

347
0 Kudos
sjoshi
Staff
Staff
In response to Dan_Eng52

Created on ‎11-28-2024 10:04 AM

Hi Dan,

 

Can you confirm the 2nd VPN profile which you are trying to connect is being connected to a different On prem FGT and not the SASE VPN correct?

Let us know if this helps.
Salon Raj Joshi
331
Dan_Eng52
Contributor
In response to sjoshi

Created on ‎11-29-2024 01:13 AM

Hi Sjoshi, 

 

I can confirm the 2nd VPN that I am trying to get working is being connected to a different on prem FGT and not the SASE VPN. I've set the profile up whereby I can disconnect from the SASE VPN and then connect to the alternative IPsec VPN or at least hoped. 

At the moment I can't run both so I am unable to utilise the SASE VPN FortiClient as I need the IPsec for remote access to another site so annoyingly, I had to delete and install an alternative FortiClient version. I can get the IPsec VPN Connection pushed to profile but only Name, Remote Gateway and Key I can't configure any VPN settings, Phase 1 or Phase 2. 

I can't find any setting in FortiSASE for the above, is there a way around this? 

Regards, 

Dan. 

289
0 Kudos
sjoshi
Staff
Staff
In response to Dan_Eng52

Created on ‎11-29-2024 01:17 AM

Hi Dan,

 

Refer:-

https://docs.fortinet.com/document/fortisase/latest/administration-guide/921669/connection

 

You can only change settings for IPSEC mention in the article and what you see in the SASE portal. For other parameters it is hardcoded in the backend for which you need to raise a TAC case to change it from the backend.

 

Further you can better change the parameters on the On Prem FGT to match with the SASE config

Let us know if this helps.
Salon Raj Joshi
284
Dan_Eng52
Contributor
In response to sjoshi

Created on ‎11-29-2024 01:34 AM

Hi Sjoshi, 

 

Thanks for the update. 

 

I will raise a TAC case as I cannot use the SASE config parameters pushed out as it is using IKE Version 1, DH 5 etc the configuration is out dated and insecure. 

 

Regards, 

Dan. 

277
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.