Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
viccfle
New Contributor

Individual Phase 2 up/down control option missing from WebUI

I've been migrating my FortiOS from 5.4 to 5.6 across my DCs and I've noticed that on 5.6 the WebUI, under IPsec Monitoring, I no longer have the option to 'Bring Up/Down' a specific Phase 2. You can only bring up the whole tunnel. I'm familiar with dropping a phase 2 at the command line, it was just much more convenient in the WebUI. Anyone know if this is in fact gone or if perhaps I just don't have my settings correct to see and administrate these phase 2 connections separate?

  

2 REPLIES 2
ede_pfau
Esteemed Contributor III

In the IPsec monitor, enable the column "Phase 2 selectors". Then you can see and bring up/tear down individual phase2's, or even all at once.

 

But not on all multi-tunnel VPNs...one of mine will only show ONE single phase2. Turned out I had been lazy and configured 'named address' as selector, and used an address group. Less work but less control.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
viccfle

Thanks for the response! Yes, most of our customers will have several proxy-id/encryption domains, so it was nice in 5.4 to have the ability to up/down a single connection on the WebUI within that tunnel without the potential of bouncing the whole tunnel affecting prod traffic. The CLI method definitely isn't as convenient.

Labels
Top Kudoed Authors