FortiGate: L2TP over IPsec configuration needs to be manually updated after upgrading from 6.4.x or 7.0.x

Fortinet has added a special note in the release notes of FortiOS 7.0 as follows:

Source:
https://docs.fortinet.com/document/fortigate/7.0.6/fortios-release-notes/927994/l2tp-over-ipsec-configuration-needs-to-be-manually-updated-after-upgrading-from-6-4-x-or-7-0-0-to-7-0-1-and-later

Unfortunately, the second point does not clearly state exactly which policy needs to be changed.
Here is a screenshot of the changed policy:

As you can see, the policy from the L2TP client to the LAN has been changed and now contains the new interface named l2t.root (or l2t.<VDOM name> if VDOMs are used) as its source interface.
The second policy, which points to the WAN with service L2TP, still uses the IPsec tunnel (named l2tp) as its source interface and should not be changed to the l2t.root interface.
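
The two policies described above, written out as FortiOS CLI. This is an added example, not taken from the release notes or the screenshot; the policy IDs and names, the interface names "lan" and "wan1", the address object "L2TP_clients" and the use of the root VDOM are assumptions, and the # lines are annotations for the reader.

```fortios
config firewall policy
    # Policy 1: L2TP clients to the LAN.
    # After the upgrade the source interface must be the new
    # l2t.root interface (l2t.<VDOM name> when VDOMs are used).
    edit 1
        set name "L2TP-clients-to-LAN"
        set srcintf "l2t.root"
        set dstintf "lan"
        set srcaddr "L2TP_clients"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    # Policy 2: IPsec tunnel to the WAN, service L2TP only.
    # Leave the source interface on the IPsec tunnel (named l2tp);
    # do not change it to l2t.root.
    edit 2
        set name "L2TP-IPsec-to-WAN"
        set srcintf "l2tp"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "L2TP"
    next
end
```

After applying the change, `show firewall policy` should list l2t.root as srcintf only on the client-to-LAN policy.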
