Fortinet 30D - No IPSEC VPN Config Via GUI

[rosco]

I had asked here a couple months ago about what firewalls to get for setting up a site to site vpn between a main office and branch office.

I ended up going with a Fortinet 30D and a 60D.

I am now trying to setup the site to site IPSEC vpn. However, when I got to configuring the remote side (30D) the IPSEC menu isn't available in the GUI. After a little searching, it sounds like the 30D does not have that built into the gui and I have to configure via command line? Does that sound right to you?

I have no idea how to set this up via command line.

 

[/usr/home]

What version of FortiOS is it?

 

[rosco]

v5.07 I think? The version they just came out with to fix heartbleed.

 

[Soldier101]

Config the 60d part. Backup the config. Find the part that has VPN stuff. Paste it into the 30d. (After flipping source destination etc)

 

[rosco]

I can give that a try. How do I then plug that config into the 30d? Can I paste that section into a console session?

Sorry, never used anything but the GUI to config.

 

[haunter]

yeah you can paste it into the console section that's in the GUI

or turn on ssh and use that

 

[Nicklebon]

You may need to go to the config->features menu to enable the gui display.

 

[rosco]

No gui config available on the 30D for IPSEC vpn.

I had Fortinet support help with the 30d. They did what Soldier101 described and copied that part of the config from the 60D, and then built it from there.

 

[allc0re]

Any chance you could post your VPN config (with sensative info removed, of course)? I'm trying to setup an ipsec vpn using two 30Ds. I have no option but to use CLI. Been banging my head against the wall for 2 days now. Any help would be appreciated.

 

[Cmustang87]

You won't be able to import your secure key for IPSEC vpn from the config file since the passwords are encrypted. Everything else will work, however.

EDIT: For Fortigate config file changes, I can't recommend Notepad++ with the Compare add-on. Opening up the two config files and it will highlight the differences. There is some information in the header of the config file that you WILL NOT want to import as well.