question

alex avatar image
0 Likes"
alex asked

Route to IPSEC tunnel is not removed when tunnel is down with 6.4.11

I am using a FortiGate 100E firewall.


Until 6.4.8 a static route to an VPN tunnel was removed when the tunnel was down. As it should be.

With 6.4.11 this changed and the route is still active, and other fail over routes cannot take over.


I read that I should remove the static route and let IPSEC VPN add the route automatically.

But that does not work.

At least "set add-route" is not available for "set type static" connections, and "static" is

needed to set the remote-gw address.


How would you configure a failover route, when the route to the failed link is never removed ?


IPsec
10 |600
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

0 Answers

·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MiB each and 10.0 MiB total.

Welcome to FortiAnswers

FortiAnswers is the space dedicated to FortiSASE and FortiOS questions and suggestions.

  • Please review the Community guidelines
  • If you are a moderator, please refer to the Moderation guidelines
  • If something in the above guidelines is unclear, please post your question to the Community Feedback space or the Moderators' space