Fortinet black logo

FortiGate-7000 Release Notes

IPsec VPN features that are not supported

IPsec VPN features that are not supported

FortiOS 6.0.6 for FortiGate-6000 and FortiGate-7000 does not support the following IPsec VPN features:

  • Policy-based IPsec VPN is not supported. Only tunnel or interface mode IPsec VPN is supported.
  • Policy routes cannot be used for communication over IPsec VPN tunnels.
  • VRF routes cannot be used for communication over IPsec VPN tunnels.
  • Remote networks with 0- to 15-bit netmasks are not supported. Remote networks with 16- to 32-bit netmasks are supported.
  • IPv6 clear-text traffic (IPv6 over IPv4 or IPv6 over IPv6) is not supported.
  • The FortiGate-7000 does not support load-balancing IPsec VPN tunnels to multiple FPMs. The FortiGate-6000 does support load balancing IPsec VPN tunnels to multiple FPCs as long as only static routes are used over the IPsec VPN tunnel and the configuration doesn't send traffic between IPsec VPN tunnels.
  • IPsec SA synchronization between HA peers is not supported. After an HA failover, IPsec VPN tunnels have to be re-initialized.

IPsec VPN features that are not supported

FortiOS 6.0.6 for FortiGate-6000 and FortiGate-7000 does not support the following IPsec VPN features:

  • Policy-based IPsec VPN is not supported. Only tunnel or interface mode IPsec VPN is supported.
  • Policy routes cannot be used for communication over IPsec VPN tunnels.
  • VRF routes cannot be used for communication over IPsec VPN tunnels.
  • Remote networks with 0- to 15-bit netmasks are not supported. Remote networks with 16- to 32-bit netmasks are supported.
  • IPv6 clear-text traffic (IPv6 over IPv4 or IPv6 over IPv6) is not supported.
  • The FortiGate-7000 does not support load-balancing IPsec VPN tunnels to multiple FPMs. The FortiGate-6000 does support load balancing IPsec VPN tunnels to multiple FPCs as long as only static routes are used over the IPsec VPN tunnel and the configuration doesn't send traffic between IPsec VPN tunnels.
  • IPsec SA synchronization between HA peers is not supported. After an HA failover, IPsec VPN tunnels have to be re-initialized.