Hello All,
I am using a 60E; the number of site-to-site IPsec VPNs advertised in the product catalog is 200. When I create a VPN with the VPN wizard, it automatically creates 2 static routes, and the maximum number of static routes is limited to 100 entries. After I create the 50th VPN, I would like to create the 51st VPN, but the wizard does not finish. When I check the policies, addresses and routes, I observe that only the static routes are missing: because of the maximum of 100 entries, it does not allow another static route to be created. Is there any way to solve this issue?
Are those two static routes for 2 subnets at the remote locations? I don't regularly use the GUI for IPsec creation, and that's why I'm asking. But 100 seems to be the hard limit for static routes. Unless you go to one of the routing protocols, like OSPF, BGP, etc., which don't seem to have any hard limit, the only way around it is to consolidate those two subnets into one supersubnet to halve them. That might require changing the subnets at each location.
By the way, I would be concerned about the 60E's performance if the number of IPsec VPNs goes up that high. Is it working fine so far?
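The supersubnet consolidation suggested in the reply above, as an added example that is not part of the original thread: it computes one route per tunnel and reports how many addresses outside the real remote subnets that route would also send into the tunnel. It assumes, as the reply supposes, that the two routes per VPN correspond to two remote subnets; the function names and the sample subnets are hypothetical and constructed for illustration.

```python
import ipaddress

STATIC_ROUTE_LIMIT = 100  # static route limit reported in the thread


def covering_supernet(nets):
    """Smallest single prefix that contains every network in nets."""
    parsed = [ipaddress.ip_network(n) for n in nets]
    first = min(n.network_address for n in parsed)
    last = max(n.broadcast_address for n in parsed)
    prefix = min(n.prefixlen for n in parsed)
    while True:
        candidate = ipaddress.ip_network(f"{first}/{prefix}", strict=False)
        if last in candidate:
            return candidate
        prefix -= 1  # a /0 contains everything, so the loop terminates


def plan_site(nets):
    """Return (route, extra_addresses) for one tunnel's remote subnets."""
    parsed = [ipaddress.ip_network(n) for n in nets]
    exact = list(ipaddress.collapse_addresses(parsed))
    # Adjacent, aligned subnets merge exactly; otherwise widen the prefix.
    route = exact[0] if len(exact) == 1 else covering_supernet(nets)
    extra = route.num_addresses - sum(n.num_addresses for n in exact)
    return route, extra


def plan(sites, limit=STATIC_ROUTE_LIMIT):
    """One route per site: which routes are over-broad, and do they fit?"""
    routes = {name: plan_site(nets) for name, nets in sites.items()}
    too_broad = sorted(name for name, (_, extra) in routes.items() if extra)
    return routes, too_broad, len(routes) <= limit


# Constructed sample sites (not taken from the thread).
SITES = {
    "site-a": ["10.1.0.0/24", "10.1.1.0/24"],       # merges cleanly
    "site-b": ["10.2.1.0/24", "10.2.2.0/24"],       # adjacent, not aligned
    "site-c": ["192.168.10.0/24", "172.16.5.0/24"],  # unrelated ranges
}

if __name__ == "__main__":
    routes, too_broad, fits = plan(SITES)
    for name, (route, extra) in routes.items():
        print(f"{name}: {route} (+{extra} addresses outside the real subnets)")
    print("over-broad:", too_broad, "| fits route limit:", fits)
```

A non-zero extra count marks the sites where renumbering, as the reply notes, would be needed before a single route is safe to use.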
Hello,
Using dynamic routing is not possible because the devices on the other site that make the IPsec tunnel do not support it. I checked that this morning. I would like to use the supersubnet solution, but routing is made to the VPN interface instead of a gateway. In our configuration every tunnel needs around 100 kbps, and this is not a performance problem for the 60E. Any new advice about that?
Policy-based IPsec?
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/991625/policy-based-ipsec-tunnel
No static routes, but would end up with lots of similar policies.
Yes, it works without using static routes. I thought I had a problem with policy VPN, but I don't have any problem at all, so I edited my entry. Thanks to everyone for helping me.