No IPSEC VPN Policy option with 5.0.4

Pablood · ‎08-22-2013

We upgrade our Fortigate 60D to 5.0.4 version, put it in " Interface Mode" and create 2 ipsec vpn tunnels with 2 phases ok to connect to our old cisco router (using dial up vpn) The problem is i cant create the vpn policy for IPSEC, it only show me te SSL VPN options. We have a 60 C with 4.12 with this configuration working ok. Thanks in advance

abelio · ‎08-22-2013

hi and welcome, By default, policy-based IPsec VPN is hidden from the web-based manager you need to enable it before: System->Config->Features-> show More-> Policy-based ipsec vpns hope it helps

regards

/ Abel

View solution in original post

abelio · ‎08-22-2013

hi and welcome, By default, policy-based IPsec VPN is hidden from the web-based manager you need to enable it before: System->Config->Features-> show More-> Policy-based ipsec vpns hope it helps

regards

/ Abel

Issachar · ‎02-17-2016

abelio wrote:
hi and welcome, By default, policy-based IPsec VPN is hidden from the web-based manager you need to enable it before: System->Config->Features-> show More-> Policy-based ipsec vpns hope it helps

Sorry, I know this is a really old thread, but you just saved my day!!!

I just create the forum account to say thank you!!! :D

ede_pfau · ‎02-18-2016

One piece of good advice: please do not revert back to policy-based VPN! It has been superceded by the widely more flexible interface-based or route-based VPN. Do yourself a favor and stick to the (now not so) "new" method. You will see what I mean if you have to debug the VPN.

There are very few situations where you need to have a policy-based VPN, one being VPN on a transparent mode FGT/VDOM. Otherwise, I think, Fortinet would have dropped policy-based VPN a long time ago.

Ede Kernel panic: Aiee, killing interrupt handler!

Pablood · ‎08-23-2013

Thanks Abel!!!!!

Dipen · ‎08-27-2013

In Interface Mode you have to configure like Normal Firewall Policies. VPN Policies are required only in Tunnel Mode. Moreover Interface Mode is recommended.

Ahead of the Threat. FCNSA v5 / FCNSP v5

Fortigate 1000C / 1000D / 1500D

bmotamed · ‎04-20-2015

Hello

trying to create an IPSEC policy, vpn tunnels do not apprear on drop down menu list. When i tried to use cli, vpn tunnels seem not being on data base. Howerer, my tunnel are brined up ans the list name appears when i try list name on cli interface!

Can anyone give me a solution?

THanks

bmotamed · ‎04-20-2015

: my fortigate is a 60B and the firmware is 4.0

abelio · ‎04-20-2015

bmotamed wrote:
: my fortigate is a 60B and the firmware is 4.0

Hi bmotamed

in this situation this thread doesn't apply to your scenario.

Under 4.0 fortios, route (or interface) vpn must be enabled explicitely under advanced phase1 settings; if not, the vpn remains 'policy based' configured.

I guess that is your situation and you cannot see the vpns interface names in the drop down list.

If you use policy (or tunnel) based vpn, you'll only need one firewall policy internal->wan, with action=ipsec to control the traffic in both directions.

hope it helps

regards

/ Abel

bmotamed · ‎04-20-2015

yes thank you abel. I must reconfigure my vpn not in interface mode to see tunnel in firewall policy.

No IPSEC VPN Policy option with 5.0.4

Nominate a Forum Post for Knowledge Article Creation