Please disable add-route on the ipsec phase-1 interface on all involved
parts.config vpn ipsec phase1-interface edit set add-route
disable next endAlso, make sure the IP addresses and subnet is correctly
configured on tunnel interfaces.On HUB the re...
Hello Benny, For FortiClient connections, you can use the peer ID. This
feature is available on both FGT and FortiClient EMS, and it will allow
FortiClient to connect to the correct dial-up tunnel.
https://community.fortinet.com/t5/FortiGate/Technica...
Hi, I would suggest to try 7.2.1 FCT and make sure you provide full-disk
access:
https://docs.fortinet.com/document/forticlient/7.2.1/macos-release-notes/223986/special-noticesThere
are some BUGs on 7.0.9 Free FCT that may cause this issue:
https://d...
Hi, There is another solution available on VMs. You can still use FGCP
HA cluster but you can exclude some parts of the config from sync. On
VMs the following part of the config can be excluded from HA Sync: #
config system vdom-exception edit 1 set ...