Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SamuelRed
New Contributor

Maximum Tunnel of IPSec Dialup

Hi All,

 

I've got a challenge to secure automatic teller machines with FortiClient IPsec VPN. The concern is how many dialup IPsec tunnels 1 IKE profile (phase1-phase2) can handle. Let's say there are 2000 ATM units... so is it possible to just create/use 1 IKE profile, or must I create several IKE profiles?

 

If I name the profile "atm", the first tunnel will be listed in the VPN monitor as atm_0, and the 2000th tunnel will be listed as atm_2000. Is that no issue?

 

Thanks in advance

Samuel Redjono.

ede_pfau
SuperUser

You've got to watch 2 limits:

- the complete name for an active tunnel is limited to 15 characters. So with just "atm_" plus a number you could in theory support 11 digits, like 99 billion connections (o-ha, I hope I get the calc right in my head)

- the receiving FGT has got a limit of how many IPsec tunnels are supported. Find this information in the "Maximum values matrix" on docs.fortinet.com.

- P.S. and there's another limit: as each new tunnel creates a new virtual interface, look up the max. number of interfaces supported by the hardware and FOS version.

 

I'd think you would need a mid-range FGT (FG-xxx) at least.

Ede Kernel panic: Aiee, killing interrupt handler!
SamuelRed

Hi ede_pfau

 

Thanks for your reply...

Got it in the maximum values, about max tun per 1 concentrator.

 

Thanks again and regards

Samuel
