Adding IPsec aggregate members in the GUI 6.2.3
The following support has been added to the GUI in FortiOS 6.2 for IPsec aggregate interfaces:
- You can configure the Device creation and Aggregate member settings in the VPN Creation Wizard so that a tunnel can be an IPsec aggregate member candidate.
  Device creation and Aggregate member are disabled by default.
- You can create a new IPsec aggregate within the IPsec tunnels dropdown list.
- You can monitor the traffic for each aggregate member.
To configure an IPsec tunnel with aggregate members in the GUI:
1. Create the IPsec aggregate tunnel candidate:
   - Go to VPN > IPsec Tunnels > Create New > IPsec Tunnel.
   - Enter the tunnel name.
   - Click Custom > Next. The New VPN Tunnel pane opens.
   - In the Network section, expand the Advanced field.
   - For Aggregate member, click Enabled.
   - Configure the other settings as needed.
   - Click OK.
2. Repeat step 1 to create more tunnel candidates as needed.
3. Create the IPsec aggregate:
   - Go to VPN > IPsec Tunnels > Create New > IPsec Aggregate.
   - Enter an aggregate name.
   - Click inside the Members field and add the tunnels you created in steps 1 and 2.
   - In the Algorithm dropdown, select a load balancing algorithm. The supported load balancing algorithms are: L3, L4, round-robin (default), and redundant.
   - Click OK.
4. Configure the static route:
   - Go to Network > Static Routes > Create New.
   - In the Interface dropdown, select the IPsec aggregate that you created in step 3.
   - Configure the other settings as needed.
   - Click OK.
5. Configure the firewall policy:
   - Go to Policy & Objects > IPv4 Policy.
   - Create a new policy or edit an existing policy.
   - In the Incoming Interface dropdown, select the IPsec aggregate that you created in step 3.
   - Configure the other settings as needed.
   - Click OK.
6. Monitor the traffic:
   - Go to Monitor > IPsec Monitor.
   - Expand the IPsec aggregate (agg-tunnel) to view statistics for each aggregate member.