Adding IPsec aggregate members in the GUI

You can configure the Device creation and Aggregate member settings in the VPN Creation Wizard so that a tunnel can be an IPsec aggregate member candidate. You can create a new IPsec aggregate within the IPsec tunnels dropdown list. You can also monitor the traffic for each aggregate member.

To configure an IPsec tunnel with aggregate members in the GUI:
  1. Create the IPsec aggregate tunnel candidate:
    1. Go to VPN > IPsec Tunnels > Create New > IPsec Tunnel.
    2. Enter the tunnel name.
    3. Click Custom > Next. The New VPN Tunnel pane opens.
    4. In the Network section, expand the Advanced field.
    5. For Aggregate member, click Enabled.
    6. Configure the other settings as needed.
    7. Click OK.

  2. Repeat step 1 to create more tunnel candidates as needed.
  3. Create the IPsec aggregate:
    1. Go to VPN > IPsec Tunnels > Create New > IPsec Aggregate.
    2. Enter an aggregate name.
    3. Click inside the Members field and add the tunnels you created in steps 1 and 2.
    4. In the Algorithm dropdown, select a load balancing algorithm. The supported load balancing algorithms are: L3, L4, round-robin (default), and redundant.
    5. Click OK.

  4. Configure the firewall policy:
    1. Go to Policy & Objects > IPv4 Policy.
    2. Create a new policy or edit an existing policy.
    3. In the Incoming Interface dropdown, select the IPsec aggregate that you created in step 3.
    4. Configure the other settings as needed.
    5. Click OK.

  5. Configure the static route:
    1. Go to Network > Static Routes > Create New.
    2. In the Interface dropdown, select the IPsec aggregate that you created in step 3.
    3. Configure the other settings as needed.
    4. Click OK.

  6. Monitor the traffic:
    1. Go to Monitor > IPsec Monitor.
    2. Expand the IPsec aggregate (agg-tunnel) to view statistics for each aggregate member.
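
The same configuration expressed in the FortiOS CLI, as an added example that is not part of the original page. The tunnel names, ports, addresses, policy name, and pre-shared key placeholder are constructed for illustration; only the aggregate name agg-tunnel comes from the page.

```fortios
# Constructed sample: all names, ports and addresses are illustrative.
config vpn ipsec phase1-interface
    edit "tunnel-1"
        set interface "port1"
        set peertype any
        set net-device disable
        # Marks the tunnel as an IPsec aggregate member candidate (step 1).
        set aggregate-member enable
        set remote-gw 203.0.113.1
        set psksecret <pre-shared-key>
    next
    edit "tunnel-2"
        set interface "port2"
        set peertype any
        set net-device disable
        set aggregate-member enable
        set remote-gw 203.0.113.2
        set psksecret <pre-shared-key>
    next
end
# Step 3: group the candidates and pick the load balancing algorithm.
config system ipsec-aggregate
    edit "agg-tunnel"
        set member "tunnel-1" "tunnel-2"
        set algorithm round-robin
    next
end
# Step 4: the aggregate is the incoming interface of the policy.
# Narrow srcaddr, dstaddr and service to what the tunnel must carry.
config firewall policy
    edit 0
        set name "agg-tunnel-in"
        set srcintf "agg-tunnel"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Step 5: route the remote subnet through the aggregate.
config router static
    edit 0
        set dst 10.1.100.0 255.255.255.0
        set device "agg-tunnel"
    next
end
```

Each tunnel also needs its phase 2 selectors, which are omitted here and correspond to "Configure the other settings as needed" in step 1.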
