Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Floto
New Contributor II

Created on ‎02-17-2025 06:41 AM

"Enable IPsec Interface Mode"-Option missing

Hello everyone,

 

since Fortigate Firmware Version 7.6.0 (and above) the "Enable IPsec Interface Mode"-Option is missing when creating a new costum VPN Tunnel.

 

On Firmware Version 7.4.7 everything is fine. The checkbox is displayed and can be unchecked.New_VPN_on_7.4.7.PNG

When creating a new policy i can switch the Action to "IPsec" an choose the VPN tunnel:

Test_Pol_on_7.4.7.PNG

 

After upgrading the same Fortigate 40F to Version 7.6.0 the "Enable IPsec Interface Mode" is disappeared:

New_VPN_on_7.6.0.PNG

Without unchecking this option i can't choose the VPN tunnel in a new policy

Test_Pol_on_7.6.0.PNG

I already tried to deactivate the "policy-based IPsec VPN" Feature and active it again. It did not work. I also updated the Firmware to 7.6.1 and 7.6.2. On both versions the same problem.

 

Is this a bug or kinda a feature?

 

Best regards from Germany,

Florian

Labels:
714
0 Kudos
7 REPLIES 7
funkylicious
SuperUser
SuperUser

Created on ‎02-17-2025 08:43 AM

hi,

try from cli

 

config system settings

set gui-policy-based-ipsec enable

end

 

or from GUI , System > Feature Visibility > Policy based IPsec

"jack of all trades, master of none"
"jack of all trades, master of none"
693
Floto
New Contributor II
In response to funkylicious

Created on ‎02-17-2025 10:17 PM

Hi funky,

 

thanks for your advice, unfortunately it didn't help.
I also tried to disable first and enable via cli.

634
0 Kudos
dingjerry_FTNT
Staff
Staff

Created on ‎02-17-2025 02:18 PM

Hi @Floto ,

 

"I already tried to deactivate the "policy-based IPsec VPN" Feature and active it again"

 

How did you do it?

Regards,

Jerry
679
Floto
New Contributor II
In response to dingjerry_FTNT

Created on ‎02-17-2025 10:19 PM

Hi dingjerry_FTNT,

 

i tried it via GUI and CLI, neither worked.

629
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to Floto

Created on ‎02-18-2025 07:26 AM Edited on ‎02-18-2025 07:26 AM

Hi @Floto ,

 

As I mentioned, this should be a GUI bug.  Please raise a TAC ticket to request for a Bug report on this issue.

 

Meanwhile, you may create the policy-based IPSec VPN using the CLI commands  "config vpn ipsec phase1 | phase2]" for your phase1 & phase2 settings as a workaround. 

 

Once created, I believe that you can see it in GUI.

Regards,

Jerry
595
0 Kudos
dingjerry_FTNT
Staff
Staff

Created on ‎02-17-2025 03:26 PM

Hi @Floto ,

 

I just did a quick test and think that this is a bug. 

 

You may raise a TAC ticket to request the TAC team to report a bug for you.

Regards,

Jerry
671
dingjerry_FTNT
Staff
Staff
In response to dingjerry_FTNT

Created on ‎02-17-2025 03:32 PM

@Floto ,

 

BTW, I think that this is a GUI bug.  Because I still see the CLI commands for policy-based IPSec VPN configurations.

Regards,

Jerry
666
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.