There is an old bug in FortiOS and FortiManager that allows you to set Phase1 names that are too long. This can cause problems when the FGT runs out of space on creating new dialup instances due to enumeration.
So how can I flush those enumerations to have FortiOS start anew at 0 (even if this means shutting down all currently dialled in instances to avoid enumeration conflicts)?
But of course the way to fix this is to re-create the tunnel with a shorter phase1 name. I think the limit is 15 chars, and is well known/documented. So, 13 chars for the name plus "_0" for up to 10 users. Unfortunately, the max number of users will only be displayed on an existing tunnel.
For a tunnel already in use, deleting and recreating can be cumbersome. The way I do this:
- save the config to disk
- search & replace the phase1 name to something shorter
- restore this config file to the FGT - this will REBOOT the firewall!
Last time I checked this, I created a dialup tunnel in GUI and it displayed a warning when I entered 14 chars:
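The save, search-and-replace, restore procedure from the reply above, sketched as an added Python example (not code from either poster or from Fortinet). It assumes the 15-character limit and `_<n>` suffix the reply mentions, and a plain-text backup that uses `config vpn ipsec phase1-interface` / `edit "<name>"` blocks; the sample config and tunnel names are constructed.

```python
import re

IFNAME_LIMIT = 15  # figure quoted in the reply ("I think the limit is 15 chars")

def max_base_len(max_clients, limit=IFNAME_LIMIT):
    # Assumption: dialup instances get "_<n>" appended, n in 0..max_clients-1.
    return limit - 1 - len(str(max_clients - 1))

def phase1_names(config):
    """Names defined directly under 'config vpn ipsec phase1-interface'."""
    names, depth = [], 0
    for line in config.splitlines():
        s = line.strip()
        if depth == 0:
            if s == "config vpn ipsec phase1-interface":
                depth = 1
        elif s.startswith("config "):   # nested sub-table inside an entry
            depth += 1
        elif s == "end":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r'edit "([^"]+)"', s)):
            names.append(m.group(1))
    return names

def rename_phase1(config, old, new, max_clients=10):
    """Return the config text with phase1 name `old` replaced by `new`."""
    if old not in phase1_names(config):
        raise ValueError(f"{old!r} is not a phase1-interface name")
    if len(new) > max_base_len(max_clients):
        raise ValueError(f"{new!r} leaves no room for the dialup suffix")
    if f'"{new}"' in config:
        raise ValueError(f"{new!r} is already used in this config")
    # Match the whole quoted token so longer names sharing the prefix survive.
    return config.replace(f'"{old}"', f'"{new}"')

# Constructed sample backup, not taken from a real device.
SAMPLE = '''config vpn ipsec phase1-interface
    edit "branch-dialup-vpn"
        set type dynamic
    next
    edit "branch-dialup-vpn2"
    next
end
config vpn ipsec phase2-interface
    edit "branch-p2"
        set phase1name "branch-dialup-vpn"
    next
end
'''
```

Diff the returned text against the original backup before restoring it, since any other object that happens to carry the same quoted name is renamed too.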