By Manny Fernandez

April 25, 2020

IPSec Remote Access VPN Naming Limitations on FortiGate

There is a 15-character limit on interface names in FortiOS.  When using IPSec for remote access VPNs, it is important to take this into account.

[Screenshot: error shown when an interface name exceeds 15 characters]

As you can see in the screenshot above, anything that goes above 15 characters will error out.

When you create a remote-access VPN using IPSec, the FortiGate will generate an interface for each remote access VPN based on the name of the VPN.

[Screenshot: remote access VPN configuration with the Name field]

As you can see above, there is a Name field.  This will be the base for the interface name.  Here is the formula:

                                       15 (Max Characters)  –  X  =  Y

Where X is the number of characters in the name and Y is the number of placeholder characters you are left with for the tunnel number.  If I base the number of my IPSec VPNs on my lab FortiGate 300E, which supports 50,000 VPNs, the longer the name I give, the fewer VPNs I can create.

[Screenshot: FortiGate 300E VPN capacity]


If I name the VPN, let's say VPN1, the FortiGate will create a VPN1_1 interface for the first VPN tunnel, then VPN1_2 for the second, and so on.  This means that the number of VPNs you can create is limited by how many characters remain for the tunnel number before the interface name hits its 15-character limit.

I will now show you with longer names and the effect it will have on the total number of VPNs.

10 Characters

[Screenshot: 10-character VPN name]

With 10 Characters you will have

15 (max char) – 10 (num of char used) = 5  (That will leave you 5 placeholders for the number of VPNs: 10,000 )

11 Characters

[Screenshot: 11-character VPN name]

With 11 characters you will have the following.  Notice that one more character was used in the name, which removes one place value from the number of VPNs.

15 (max char) – 11 (num of char used) = 4  (That will leave you 4 placeholders for the number of VPNs: 1,000 )

12 Characters

[Screenshot: 12-character VPN name]

With 12 characters you will have the following.  Notice that one more character was used in the name, which removes one place value from the number of VPNs.

15 (max char) – 12 (num of char used) = 3  (That will leave you 3 placeholders for the number of VPNs: 100 )

13 Characters

[Screenshot: 13-character VPN name]

With 13 characters you will have the following.  Notice that one more character was used in the name, which removes one place value from the number of VPNs.

15 (max char) – 13 (num of char used) = 2  (That will leave you 2 placeholders for the number of VPNs: 10 )

The point is, keep this name as short as possible to get the most IPSec remote access VPNs out of the box.
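To make the arithmetic above easy to apply before you commit to a name, here is a small planning helper.  It is an added example, not code from the original post or from Fortinet; it only models the naming behaviour the post describes (one interface per tunnel named <VPN name>_<n>, numbering starting at 1, and a hard 15-character limit on interface names).  The sample names and the 50,000-tunnel requirement are constructed to match the cases walked through above.

```python
# Added example, not code from the original post or from Fortinet.
# It models the naming behaviour the post describes: FortiOS derives one
# interface per remote-access tunnel as <VPN name>_<n>, n starting at 1,
# and rejects interface names longer than 15 characters.

MAX_IFNAME_LEN = 15   # FortiOS interface-name limit described in the post
SEPARATOR = "_"       # separator FortiOS inserts before the tunnel number


def tunnel_interface_name(vpn_name: str, index: int) -> str:
    """Interface name FortiOS would derive for tunnel number `index`."""
    if index < 1:
        raise ValueError("tunnel numbering starts at 1 (e.g. VPN1_1)")
    return f"{vpn_name}{SEPARATOR}{index}"


def fits(ifname: str) -> bool:
    """True when an interface name is within the 15-character limit."""
    return len(ifname) <= MAX_IFNAME_LEN


def placeholders_left(vpn_name: str) -> int:
    """The post's formula: 15 (max characters) - X (name length) = Y."""
    return MAX_IFNAME_LEN - len(vpn_name)


def max_tunnels(vpn_name: str) -> int:
    """Highest tunnel number whose interface name still fits.

    One placeholder is consumed by the underscore; the rest are digits,
    so with d digits the highest index is 10**d - 1 (9, 99, 999, ...).
    """
    digits = placeholders_left(vpn_name) - len(SEPARATOR)
    if digits < 1:
        return 0
    return 10 ** digits - 1


def max_name_length(required_tunnels: int) -> int:
    """Longest VPN name that still leaves room for `required_tunnels`."""
    if required_tunnels < 1:
        raise ValueError("required_tunnels must be at least 1")
    digits = len(str(required_tunnels))
    return MAX_IFNAME_LEN - len(SEPARATOR) - digits


def check_plan(vpn_name: str, required_tunnels: int) -> dict:
    """Validate a proposed VPN name against the number of tunnels needed."""
    limit = max_tunnels(vpn_name)
    return {
        "name": vpn_name,
        "name_length": len(vpn_name),
        "max_tunnels": limit,
        "ok": required_tunnels <= limit,
        "max_name_length_for_requirement": max_name_length(required_tunnels),
    }


if __name__ == "__main__":
    # Constructed sample names of 10, 11, 12 and 13 characters, matching
    # the cases in the post, plus the 300E's 50,000-VPN figure.
    for name in ("RemoteVPN1", "RemoteVPN11", "RemoteVPN111", "RemoteVPN1111"):
        print(f"{name:<15} len={len(name):2d} "
              f"placeholders={placeholders_left(name)} "
              f"max_tunnels={max_tunnels(name)}")
    print(check_plan("RemoteVPN1", 50000))
    print("longest name that still allows 50,000 tunnels:", max_name_length(50000))
```

One design choice to be aware of: the post counts 10,000 for a 10-character name (all four-digit values), while `max_tunnels` returns the highest index that still fits, 9,999, because numbering starts at 1.  Both agree on the important point: every extra character in the name cuts the available tunnel count by a factor of ten, and a 300E that is meant to reach its 50,000-VPN capacity needs a name of at most 9 characters.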

Hope this helps

