As far as I know nothing has changed with 5.2 routing with IPsec tunnels. With main mode you can leave the networks in phase 2 at the default 0.0.0.0 (it doesn't show up in the CLI) and use static routes to control the split tunnel if you want. We use BGP for that part, but it's just a routing protocol, no different from static routes. When we migrated from 5.0 to 5.2 on both sides, we didn't have to change anything. The only differences we noticed were the password encryption level and the default DH group/keylife timer values.
Something has changed. Call it what you will. I am calling it routing, but if routing hasn't changed then something else has.
On the add static route dialog, I used to be able to select my IPsec VPN tunnel (dynamic) name in the device box, but since upgrading to 5.2.x I can no longer do that. I only see IPsec VPN tunnel names in the drop-down box for static VPN tunnels.
Whether something has changed or not, how do you guys manage routes when you define a FGT-to-FGT tunnel with 0.0.0.0/0 on both sides?
FG200D 5.6.5 (HA) - primary
FWF50B's 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x
FAZ-VM 5.6.5 | Fortimail 5.3.11
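As an added illustration of the approach described in the first reply (a route-based FGT-to-FGT tunnel with the phase 2 selectors left at the default 0.0.0.0/0 and static routes deciding what goes into the tunnel), here is a FortiOS CLI fragment. It is not posted by anyone in this thread; the tunnel name, interface name, peer address, remote subnet and pre-shared key are placeholders, and the matching firewall policies and the mirror-image configuration on the peer are assumed to exist.

```fortios
# Phase 1: IKEv1 main mode, interface-based (route-based) tunnel.
# "to-branch", "wan1" and the peer address 203.0.113.2 are constructed values.
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set ike-version 1
        set mode main
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.2
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>
    next
end

# Phase 2: selectors left at 0.0.0.0/0 on both sides. Because these are the
# defaults, "show" output omits the src-subnet/dst-subnet lines entirely,
# which is why the first reply says they "don't show up in the CLI".
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
        set proposal aes256-sha256
        set dhgrp 14
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end

# Routing decides what enters the tunnel: one static route per remote prefix,
# with the tunnel interface as the device. 10.20.0.0/16 is a constructed
# example of the branch LAN.
config router static
    edit 0
        set dst 10.20.0.0 255.255.0.0
        set device "to-branch"
    next
    # Blackhole route at a worse distance for the same prefix: if the tunnel
    # interface goes down and its route is withdrawn, traffic for the branch
    # is dropped instead of leaking out the WAN via the default route.
    edit 0
        set dst 10.20.0.0 255.255.0.0
        set blackhole enable
        set distance 254
    next
end
```

With the selectors wide open, a prefix only rides the tunnel if a route points at the tunnel interface, so adding or removing remote networks is purely a routing change; the first reply's BGP setup replaces the static entries with learned routes but the phase 2 configuration stays the same.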