Fortigate IPSec VPN interface

I upgraded to FortiOSv4.0,build0458,110627 (MR3 Patch 1) on our central Fortigate router.
An Auto Key (IKE) IPSec VPN is configured over the WAN.01 link.

I recently phisically reconnected the WAN.01 link from port11 to port15 on the central FGT to increase performance, since only ports[12..15] use FortiASIC HW acceleration.
This involved replicating FW rules, routing and other settings from port11 to port15.

As a result, I cannot change the "Local Interface" under phase1 settings.
When I try to switch from port11 to port15 I get the message:
"Invalid IP range."

I set the administrative and link status of port 11 to "down".

This is the private range I use for the remote Fortigate units:

config router static
    edit 5
        set device "to Spokes"
        set dst 192.168.0.0 255.255.0.0
    next
end

Open in new window


The local subnet for the central Fortigate is set to 192.168.1.0/24.

Another consequence of switching ports is that now the majority of outgoing network traffic from local LAN is flowing through the WAN.02 link which is located on port12, even though port11 is selected in phase1 configuration. FW policy statistics show around 500000 packets for port15 and 60 million packets on port12.

The destination address in phase2 quick mode selector on the remote fortigate units is set to:
192.168.0.0/17.

I unset all load balancing related weight settings on all interfaces.

What is eluding me here?
Any help is greatly appreciated.

proteus-IVAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
proteus-IVConnect With a Mentor Author Commented:
I upgraded the firmware on the router to the freshly released v4.0,build0482,110920 (MR3 Patch 2)
and now I am able to change the aforementioned setting.

0
 
Steve JenningsIT ManagerCommented:
Can you just delete the old config and upload a new config that looks like you want it to look?

Good luck,
Steve
0
 
proteus-IVAuthor Commented:
Everything is working fine now.
0
 
xananduCommented:
NOTE: this issue was not limited to only you, there were a TON of bugs in 4.0MR3 and 4.0MR3P1, they have largely been fixed in MR3P2, and MR3P3 since its release.
0
 
proteus-IVAuthor Commented:
Yea, you're right.

I found several other bugs in the meantime.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.