Fortinet black logo

New Features

Adding IPsec aggregate members in the GUI  6.2.3

Copy Link
Copy Doc ID 761d83e3-4a7b-11e9-94bf-00505692583a:657059
Download PDF

Adding IPsec aggregate members in the GUI 6.2.3

The following support has been added to the GUI in FortiOS 6.2 for IPsec aggregate interfaces:

  • You can configure the Device creation and Aggregate member settings in the VPN Creation Wizard so that a tunnel can be an IPsec aggregate member candidate.
    Note

    Device creation and Aggregate member are disabled by default.

  • You can create a new IPsec aggregate within the IPsec tunnels dropdown list.
  • You can monitor the traffic for each aggregate member.
To configure an IPsec tunnel with aggregate members in the GUI:
  1. Create the IPsec aggregate tunnel candidate:
    1. Go to VPN > IPsecTunnels > Create New > IPsec Tunnel.
    2. Enter the tunnel name.
    3. Click Custom > Next. The New VPN Tunnel pane opens.
    4. In the Network section, expand the Advanced field.
    5. For Aggregate member, click Enabled.
    6. Configure the other settings as needed.
    7. Click OK.

  2. Repeat step 1 to create more tunnel candidates as needed.
  3. Create the IPsec aggregate:
    1. Go to VPN > IPsecTunnels > Create New > IPsec Aggregate.
    2. Enter an aggregate name.
    3. Click inside the Members field and add the tunnels you created in steps 1 and 2.
    4. In the Algorithm dropdown, select a load balancing algorithm. The supported load balancing algorithms are: L3, L4, round-robin (default), and redundant.
    5. Click OK.

  4. Configure the static route:
    1. Go to Network > Static Routes > Create New.
    2. In the Interface dropdown, select the IPsec aggregate that you created in step 3.
    3. Configure the other settings as needed.
    4. Click OK.

  5. Configure the firewall policy:
    1. Go to Policy & Objects > IPv4 Policy.
    2. Create a new policy or edit an existing policy.
    3. In the Incoming Interface dropdown, select the IPsec aggregate that you created in step 3.
    4. Configure the other settings as needed.
    5. Click OK.

  6. Monitor the traffic:
    1. Go to Monitor > IPsec Monitor.
    2. Expand the IPsec aggregate (agg-tunnel) to view statistics for each aggregate member.

Adding IPsec aggregate members in the GUI 6.2.3

The following support has been added to the GUI in FortiOS 6.2 for IPsec aggregate interfaces:

  • You can configure the Device creation and Aggregate member settings in the VPN Creation Wizard so that a tunnel can be an IPsec aggregate member candidate.
    Note

    Device creation and Aggregate member are disabled by default.

  • You can create a new IPsec aggregate within the IPsec tunnels dropdown list.
  • You can monitor the traffic for each aggregate member.
To configure an IPsec tunnel with aggregate members in the GUI:
  1. Create the IPsec aggregate tunnel candidate:
    1. Go to VPN > IPsecTunnels > Create New > IPsec Tunnel.
    2. Enter the tunnel name.
    3. Click Custom > Next. The New VPN Tunnel pane opens.
    4. In the Network section, expand the Advanced field.
    5. For Aggregate member, click Enabled.
    6. Configure the other settings as needed.
    7. Click OK.

  2. Repeat step 1 to create more tunnel candidates as needed.
  3. Create the IPsec aggregate:
    1. Go to VPN > IPsecTunnels > Create New > IPsec Aggregate.
    2. Enter an aggregate name.
    3. Click inside the Members field and add the tunnels you created in steps 1 and 2.
    4. In the Algorithm dropdown, select a load balancing algorithm. The supported load balancing algorithms are: L3, L4, round-robin (default), and redundant.
    5. Click OK.

  4. Configure the static route:
    1. Go to Network > Static Routes > Create New.
    2. In the Interface dropdown, select the IPsec aggregate that you created in step 3.
    3. Configure the other settings as needed.
    4. Click OK.

  5. Configure the firewall policy:
    1. Go to Policy & Objects > IPv4 Policy.
    2. Create a new policy or edit an existing policy.
    3. In the Incoming Interface dropdown, select the IPsec aggregate that you created in step 3.
    4. Configure the other settings as needed.
    5. Click OK.

  6. Monitor the traffic:
    1. Go to Monitor > IPsec Monitor.
    2. Expand the IPsec aggregate (agg-tunnel) to view statistics for each aggregate member.