The tunnel mode I was referring to is when you create a VPN, then use routing to state whether to use a particular VPN (like NetScreen can do).
I remember it being mentioned in the 2.5 docs, for when you select "use wildcard selectors" in the Phase 2. Here's the online manual extract:
Select this option for routing-based VPNs. A routing-based VPN uses routing information to select which VPN tunnel to use for the connection. In this configuration, the tunnel is referenced indirectly by a route that points to a tunnel interface.
You must select this option if the remote VPN peer is a non-FortiGate unit that has been configured to operate in tunnel interface mode.
Never seen a document that gives any more info though; in NetScreen it creates a virtual interface for the VPN and you just route to it (if I remember correctly).
What would be a great feature would be, as you say, when you create a VPN, it appears as a separate policy (for example, instead of int -> ext, something like int -> myvpn) whereby you can then put the usual list of rules within it.
That would be cool.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.