Individual Phase 2 up/down control option missing from WebUI

Author
viccfle
2019/05/13 14:47:56

I've been migrating my FortiOS from 5.4 to 5.6 across my DCs and I've noticed that on 5.6 the WebUI, under IPsec Monitoring, I no longer have the option to 'Bring Up/Down' a specific Phase 2. You can only bring up the whole tunnel. I'm familiar with dropping a phase 2 at the command line; it was just much more convenient in the WebUI. Anyone know if this is in fact gone or if perhaps I just don't have my settings correct to see and administrate these phase 2 connections separately?
  

    ede_pfau
    Re: Individual Phase 2 up/down control option missing from WebUI 2019/05/14 02:27:41
    In the IPsec monitor, enable the column "Phase 2 selectors". Then you can see and bring up/tear down individual phase2's, or even all at once.
     
    But not on all multi-tunnel VPNs...one of mine will only show ONE single phase2. Turned out I had been lazy and configured 'named address' as selector, and used an address group. Less work but less control.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"

    viccfle
    Re: Individual Phase 2 up/down control option missing from WebUI 2019/05/14 08:03:27
    Thanks for the response! Yes, most of our customers will have several proxy-id/encryption domains, so it was nice in 5.4 to have the ability to up/down a single connection on the WebUI within that tunnel without the potential of bouncing the whole tunnel affecting prod traffic. The CLI method definitely isn't as convenient.