FortiGate-6000 Handbook

FortiGate-6000 IPsec VPN

FortiOS 6.0 for FortiGate-6000 supports the following IPsec VPN features:

  • Interface-based IPsec VPN (also called route-based IPsec VPN) is supported.
  • Static routes can point at IPsec VPN interfaces and can be used for routing the traffic inside the IPsec VPN tunnel.
  • Dynamic routing (RIP, OSPF, BGP) over IPsec VPN tunnels is supported; however, the FortiGate-6000 does not support IPsec VPN load balancing of IPsec VPN sessions that use dynamic routing over IPsec VPN tunnels.
  • Remote networks with 16- to 32-bit netmasks are supported.
  • Site-to-Site IPsec VPN is supported.
  • Dialup IPsec VPN is supported. The FortiGate-6000 can be the dialup server or client.
  • IPv4 clear-text traffic (IPv4 over IPv4 or IPv4 over IPv6) is supported.

FortiOS 6.0 for FortiGate-6000 does not support the following IPsec VPN features:

  • Policy-based IPsec VPN is not supported. Only tunnel or interface mode IPsec VPN is supported.
  • Policy routes cannot be used for communication over IPsec VPN tunnels.
  • VRF routes cannot be used for communication over IPsec VPN tunnels.
  • Remote networks with 0- to 15-bit netmasks are not supported. Remote networks with 16- to 32-bit netmasks are supported.
  • IPv6 clear-text traffic (IPv6 over IPv4 or IPv6 over IPv6) is not supported.
  • Load balancing IPsec VPN tunnels to multiple FPCs is supported only when static routes are used over the IPsec VPN tunnel and the configuration doesn't send traffic between IPsec VPN tunnels.
  • IPsec SA synchronization between HA peers is not supported. After an HA failover, IPsec VPN tunnels have to be re-initialized.
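
A pre-deployment check of planned tunnels against the constraints listed above, as an added example that is not Fortinet code. The plan dictionary layout, its field names and the sample tunnels are constructed for illustration.

```python
import ipaddress

def audit_tunnel(plan):
    """Return findings for one planned tunnel; an empty list means no conflict."""
    findings = []
    if plan.get("mode") == "policy":
        findings.append("policy-based IPsec VPN is not supported; use interface mode")
    routing = plan.get("routing", "static")  # static, rip, ospf, bgp, policy-route, vrf
    if routing in ("policy-route", "vrf"):
        findings.append(f"{routing} cannot be used over IPsec VPN tunnels")
    if plan.get("load_balanced"):
        if routing != "static":
            findings.append("load balancing to multiple FPCs requires static routes only")
        if plan.get("tunnel_to_tunnel"):
            findings.append("load balancing requires no traffic between IPsec VPN tunnels")
    for text in plan.get("remote_networks", []):
        try:
            # strict=True rejects entries with host bits set, e.g. 10.1.2.3/16
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            findings.append(f"{text}: not a valid network ({exc})")
            continue
        if net.version == 6:
            findings.append(f"{text}: IPv6 clear-text traffic is not supported")
        elif net.prefixlen < 16:
            findings.append(f"{text}: /{net.prefixlen} is outside the 16- to 32-bit netmask range")
    return findings

def audit_all(plans):
    """Map each tunnel name to its findings."""
    return {p["name"]: audit_tunnel(p) for p in plans}

# Constructed sample plans (hypothetical tunnel names and networks).
PLANS = [
    {"name": "branch-a", "mode": "interface", "routing": "static",
     "load_balanced": True, "remote_networks": ["10.20.0.0/16", "192.168.50.0/24"]},
    {"name": "branch-b", "mode": "interface", "routing": "ospf",
     "load_balanced": True, "remote_networks": ["10.0.0.0/8"]},
    {"name": "branch-c", "mode": "policy", "routing": "static",
     "load_balanced": False, "remote_networks": ["2001:db8::/32", "0.0.0.0/0"]},
]

if __name__ == "__main__":
    for name, findings in audit_all(PLANS).items():
        print(name, "OK" if not findings else findings)
```

After an HA failover the tunnels still have to be re-initialized, which a static plan check like this cannot cover.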
