FortiPower/PowerFGT

Add Option to Enable/Disable IPsec Tunnel

Closed this issue · 2 comments

We need to implement a feature that allows users to enable or disable specific IPsec tunnels. This feature should provide the ability to manage tunnels for different firewalls and should include:

Enable a specific IPsec tunnel.
Disable a specific IPsec tunnel.
Ensure clear tunnel status (up/down) is shown.
Implement in a way that works for different tunnel configurations.

Acceptance Criteria:

A clear option to enable or disable any IPsec tunnel.
A simple interface for toggling the tunnel status.
Ensure that changes are logged and errors are handled gracefully.

Hi,

There is no enable/disable setting for VPN IPsec (Phase 1 or Phase 2)...

The only way to disable a VPN IPsec is to disable the virtual interface attached to the VPN IPsec (attached to the port).

You can use

Get-FGTSystemInterface MyVPN | Set-FGTSystemInterface -status:disable

and for the monitor, you can look at Get-FGTMonitorVpnIPsec

That worked!
Thanks