I have successfully set up an IPSEC tunnel using policy base as the
other end doesn't support interface mode. I have created a simple rule:

config firewall policy
    edit 8
        set name "IPSEC to H2"
        set uuid c5b4e622-67a8-51e8-f7ef-f1a2eec092f6
        set srcintf...

I have a FortiGate 60D v6.0.0 build 0076 (GA)
interface v31 192.168.31.1/24
I have DNS configured

config system dns-server
    edit "v31"
    next
    edit "OSPF"
    next
    edit "ssl.root"
    next
end

(These are all set to recursive, not sure why it doesn't show up in the ...

Ended up converting the IPSEC tunnel to Interface mode. Added the
interface to the dns-server list and now everything works. Not sure how
to get it to work in policy mode as there is no interface to add to the
dns-server config.

@Toshi Esumi That worked wonders! I'm back in my element and everything
is working great now.
@ericli_FTNT So it was still hitting policy 8 the IPSEC rule.

FG # diag sys session filter clear
FG # diag sys session filter dst 192.168.31.10
FG # diag sys ...

Hmm, my deny policy is above my accept policy. Here is a screenshot from
the GUI: (I opened it in by sequence view just in case). I think my issue
is the return rules are should those be set? I have no option to say
ipsec and deny. My best guess was t...