Ha Link Failure Threshold Changes (422264 ) - Fortinet FortiGate-7060E Handbook

What's new in for FortiGate-7000 v5.4.5

HA Link failure threshold changes (422264 )

The link failure threshold is now determined based on the all FIM modules in a chassis. This means that the
chassis with the fewest active links will become the backup chassis.
FortiGate-7000s running FortiOS v5.4.5 can be configured as dialup IPsec VPN servers
The following shows how to setup a dialup IPsec VPN configuration where the FortiGate-7000 running v5.4.5 acts
as a dialup IPsec VPN server.
Configure the phase1, set type to dynamic.
config vpn ipsec phase1-interface
edit dialup-server
set type dynamic
set interface "v0020"
set peertype any
set psksecret < password>
end
Configure the phase 2, to support dialup IPsec VPN, set the destination subnet to 0.0.0.0 0.0.0.0.
config vpn ipsec phase2-interface
edit dialup-server
set phase1name dialup-server
set src-subnet 4.2.0.0 255.255.0.0
set dst-subnet 0.0.0.0 0.0.0.0
end
To configure the remote FortiGate as a dialup IPsec VPN client
The dialup IPsec VPN client should advertise its local subnet(s) using the phase 2 src-subnet option.
Dialup client configuration:
config vpn ipsec phase1-interface
9
If there are multiple local subnets create a phase 2 for each one. Each phase 2 only
advertises one local subnet to the dialup IPsec VPN server. If more than one local
subnet is added to the phase 2, only the first one is advertised to the server.
Introduction
FortiGate-7000
Fortinet Technologies Inc.