Where can I view the complete configuration generated by the IPSec wizard? (defaults?)

Author
rbross
2018/10/25 06:19:20 (permalink)
0

I'm used to configuring IPSec tunnels manually, and specifying encapsulation, hash, etc.  I have Fortigate 30e firewalls, and whenever you select "Create new" under "IPSec tunnels" it takes you to the Wizard.  This is fine, but if I want to use an undocumented client on Linux such as Openswan or Shrewsoft, I can't find the detailed phase 1 and phase 2 configs.  It appears that some configuration details are "baked in" and not displayed when you dump the configuration.
 
Is there some documentation as to what is used for all IPSec config attributes? For example, DES, 3DES, etc.
 
Thanks
#1
tanr
Re: Where can I view the complete configuration generated by the IPSec wizard? (defaults?) 2018/10/25 07:43:31 (permalink) Helpful by rbross 2018/10/25 07:48:15
4 (1)
The documentation covers a lot of it: http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-ipsecvpn/IntroVPN.htm, including some of the CLI settings.
 
To see more of the possible settings in the GUI, you need to convert a wizard-created tunnel to a custom tunnel.  This is hidden in the docs - see the beginning of http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-ipsecvpn/Phase_2/Config_Phase2_Parameters.htm.
 
To see more details than that you'll need to go to the CLI section for vpn ipsec, for example:
 
    config vpn ipsec phase1-interface
    config vpn ipsec phase2-interface
 
See the CLI admin guide for more details on the CLI elements:
http://help.fortinet.com/cli/fos50hlp/56/index.htm
https://docs.fortinet.com/d/fortigate-fortios-5.6.6-cli-reference
 
Remember that in the CLI you need to "show full" to see all options, and that some won't show up unless/until you set various modes for the object you're looking at, though "tree" will show everything.
 
There are also a number of cookbook articles on IPSec VPN.
#2
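An added example (not part of the original posts and not Fortinet code): once the full phase 1 and phase 2 settings have been dumped from the CLI as described in the reply above, this Python script parses that output and lists the proposals and DH groups a review would reject. The tunnel name "wiz-vpn", the sample values and the weak-algorithm policy are assumptions constructed for the example, not the wizard's actual defaults.

```python
# Constructed sample shaped like `show full-configuration` output (hypothetical tunnel).
SAMPLE = '''\
config vpn ipsec phase1-interface
    edit "wiz-vpn"
        set proposal aes128-sha256 3des-sha1
        set dhgrp 14 5
    next
end
config vpn ipsec phase2-interface
    edit "wiz-vpn"
        set proposal aes256-sha256 des-md5
        set dhgrp 14
    next
end
'''

# Assumed review policy for this example, not a Fortinet list.
WEAK_ALGS = {"des", "3des", "md5", "null"}
WEAK_DH = {"1", "2", "5"}

def parse_tunnels(text):
    """Return {(section, tunnel): {key: [values]}} for top-level config tables."""
    tunnels, section, name, depth = {}, None, None, 0
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] == "config":
            depth += 1
            if depth == 1:
                section = words[-1]  # e.g. "phase1-interface"
        elif words[0] == "end":
            depth -= 1
        elif depth != 1:
            continue  # ignore nested sub-tables inside a tunnel entry
        elif words[0] == "edit":
            name = words[1].strip('"')
            tunnels[(section, name)] = {}
        elif words[0] == "set" and name and len(words) > 1:
            tunnels[(section, name)][words[1]] = [w.strip('"') for w in words[2:]]
    return tunnels

def weak_settings(tunnels):
    """List (section, tunnel, key, value) for settings the policy above rejects."""
    return [(sec, name, key, val)
            for (sec, name), cfg in tunnels.items()
            for key, weak in (("proposal", WEAK_ALGS), ("dhgrp", WEAK_DH))
            for val in cfg.get(key, [])
            if weak & set(val.split("-"))]

if __name__ == "__main__":
    print(weak_settings(parse_tunnels(SAMPLE)))
```
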
rbross
Re: Where can I view the complete configuration generated by the IPSec wizard? (defaults?) 2018/10/25 07:50:40 (permalink)
0
The "convert to a custom tunnel" is exactly what I needed, thanks.  I've configured all sorts of IPSec firewalls manually with clients, so I needed control (and views) of both sides.  I was attempting to guess the phase 1 SA settings.
#3