Where can I view the complete configuration generated by the IPSec wizard? (defaults?) | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Cookbook, KB

Mark Thread UnreadFlat Reading Mode ❐

Helpful ReplyHot!Where can I view the complete configuration generated by the IPSec wizard? (defaults?)

Author Post Essentials Only Full Version
rbross New Member Total Posts : 7 Scores: 0 Reward points: 0 Joined: 2018/01/29 10:46:19 Status: offline 2018/10/25 06:19:20 (permalink) 0 Where can I view the complete configuration generated by the IPSec wizard? (defaults?) I'm used to configuring IPSec tunnels manually, and specifying encapsulation, hash, etc. I have Fortigate 30e firewalls, and whenever you select "Create new" under "IPSec tunnels" it takes you to the Wizard. This is fine, but if I want to use an undocumented client on Linux such as Openswan or Shrewsoft, I can't find the detailed phase 1 and phase 2 configs. It appears that some configuration details are "baked in" and not displayed when you dump the configuration. Is there some documentation as to what is used for all IPSec config attributes? For example, DES, 3DES, etc. Thanks #1 List Solutions Only 2 Replies Related Threads
tanr Platinum Member Total Posts : 641 Scores: 19 Reward points: 0 Joined: 2016/05/09 17:09:43 Status: offline Re: Where can I view the complete configuration generated by the IPSec wizard? (defaults?) 2018/10/25 07:43:31 (permalink) ☄ Helpfulby rbross 2018/10/25 07:48:15 4 (1) The documentation covers a lots of it: http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-ipsecvpn/IntroVPN.htm, including some of the CLI settings. To see more of the possible settings in the GUI, you need to convert a wizard created tunnel to a custom tunnel. This is hidden in the docs - see the beginning of http://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-ipsecvpn/Phase_2/Config_Phase2_Parameters.htm. To see more details than that you'll need to go to the CLI section for vpn ipsec, for example: config vpn ipsec phase1-interface config vpn ipsec phase2-interface See the CLI admin guide for more details on the CLI elements: http://help.fortinet.com/cli/fos50hlp/56/index.htm https://docs.fortinet.com/d/fortigate-fortios-5.6.6-cli-reference Remember that in the CLI you need to "show full" to see all options, and that some won't show up unless/until you set various modes for the object you're looking at, though "tree" will show everything. There are also a number of cookbook articles on IPSec VPN. #2
rbross New Member Total Posts : 7 Scores: 0 Reward points: 0 Joined: 2018/01/29 10:46:19 Status: offline Re: Where can I view the complete configuration generated by the IPSec wizard? (defaults?) 2018/10/25 07:50:40 (permalink) 0 The "convert to a custom tunnel" is exactly what I needed, thanks. I've configured all sorts of IPSec firewalls manually with clients, so I needed control (and views) of both sides. I was attempting to guess the phase 1 SA settings. #3

Jump to:

© 2019 APG vNext Commercial Version 5.5