FortiGate
rishab444
Staff
Article Id 306815
Description This article explains why it is not possible to connect to the Security Fabric root when the root is reached over an IPSec tunnel that is part of an IPSec aggregate.
Scope FortiGate.
Solution
  1. Confirm that the aggregate link is available under IPSec Tunnels:
 

aggr.PNG

 

  2. Confirm that this aggregate link is not available to the server as an interface for the Security Fabric connection.
 

MicrosoftTeams-image (7).png

 

  3. This behavior is expected: tunnels that are part of an IPSec aggregate cannot be used as the fabric root interface. Alternatively, the same aggregation can be achieved using SD-WAN.
  4. Create a new SD-WAN Zone with the required two tunnels.

 

MicrosoftTeams-image (6).png

 

  5. Create an SD-WAN rule that exhibits the behavior of an IPSec tunnel aggregate, as shown below. The Interface selection criteria must be set to Maximize bandwidth.

 

MicrosoftTeams-image (8).png

 

  6. Confirm that the interfaces created under SD-WAN, which now act like aggregate links, can be used as fabric root interfaces.

 

Picture2.png
