Fortinet black logo

Administration Guide

Adding IPsec aggregate members in the GUI

Adding IPsec aggregate members in the GUI

You can configure the Device creation and Aggregate member settings in the VPN Creation Wizard so that a tunnel can be an IPsec aggregate member candidate. You can create a new IPsec aggregate within the IPsec tunnels dropdown list. You can also monitor the traffic for each aggregate member.

To configure an IPsec tunnel with aggregate members in the GUI:
  1. Create the IPsec aggregate tunnel candidate:
    1. Go to VPN > IPsec Wizard.
    2. Enter the tunnel name.
    3. Set Template Type to Custom, then click Next.
    4. In the Network section, expand the Advanced field and enable Aggregate member.

    5. Configure the other settings as needed.
    6. Click OK.
  2. Repeat step 1 to create more tunnel candidates as needed.
  3. Create the IPsec aggregate:
    1. Go to VPN > IPsec Tunnels and click Create New > IPsec Aggregate.
    2. Enter an aggregate name.
    3. Select a load balancing algorithm. The options include: Weighted Round Robin (default), L3, L4, and Redundant. Round-robin is available in the CLI.
    4. Add the tunnels that you created in steps 1 and 2. If required, enter weights for each tunnel.
    5. Click OK.

  4. Configure the firewall policy:
    1. Go to Policy & Objects > Firewall Policy.
    2. Create a new policy or edit an existing policy.
    3. Set Incoming Interface to the aggregate tunnel created in step 3.

    4. Configure the other settings as needed.
    5. Click OK.
  5. Configure the static route:
    1. Go to Network > Static Routes.
    2. Click Create New > IPv4 Static Route.
    3. Set Interface to the IPsec aggregate tunnel.

    4. Configure the other settings as needed.
    5. Click OK.
  6. Monitor the traffic:
    1. Go to Monitor > IPsec Monitor.
    2. Expand the IPsec aggregate tunnel (agg-tunnel) to view statistics for each aggregate member.

Adding IPsec aggregate members in the GUI

You can configure the Device creation and Aggregate member settings in the VPN Creation Wizard so that a tunnel can be an IPsec aggregate member candidate. You can create a new IPsec aggregate within the IPsec tunnels dropdown list. You can also monitor the traffic for each aggregate member.

To configure an IPsec tunnel with aggregate members in the GUI:
  1. Create the IPsec aggregate tunnel candidate:
    1. Go to VPN > IPsec Wizard.
    2. Enter the tunnel name.
    3. Set Template Type to Custom, then click Next.
    4. In the Network section, expand the Advanced field and enable Aggregate member.

    5. Configure the other settings as needed.
    6. Click OK.
  2. Repeat step 1 to create more tunnel candidates as needed.
  3. Create the IPsec aggregate:
    1. Go to VPN > IPsec Tunnels and click Create New > IPsec Aggregate.
    2. Enter an aggregate name.
    3. Select a load balancing algorithm. The options include: Weighted Round Robin (default), L3, L4, and Redundant. Round-robin is available in the CLI.
    4. Add the tunnels that you created in steps 1 and 2. If required, enter weights for each tunnel.
    5. Click OK.

  4. Configure the firewall policy:
    1. Go to Policy & Objects > Firewall Policy.
    2. Create a new policy or edit an existing policy.
    3. Set Incoming Interface to the aggregate tunnel created in step 3.

    4. Configure the other settings as needed.
    5. Click OK.
  5. Configure the static route:
    1. Go to Network > Static Routes.
    2. Click Create New > IPv4 Static Route.
    3. Set Interface to the IPsec aggregate tunnel.

    4. Configure the other settings as needed.
    5. Click OK.
  6. Monitor the traffic:
    1. Go to Monitor > IPsec Monitor.
    2. Expand the IPsec aggregate tunnel (agg-tunnel) to view statistics for each aggregate member.