- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: FVS336G V3 FW 4.3.3-6 VPN config:
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just bought this firewall and am trying to configure a Gateway VPN tunnel. I used the VPN wizard and that worked fine. However, when I try to change the encryption from 3DES to AES-256, it works fine for the IKE policy, but when I try to change the VPN policy encryption in the Auto Policy Parameter section to AES-256, it says I need to configure some manual policy parameters before accepting my change. This doesn't seem correct--I am not trying to enter any Manual Policy Parameters. Is this a bug?
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
JohnRo
I reloaded the firmware, restored settings to default and restored settings that I saved and the VPN policy page seems to be working fine now.
Thanks!
john
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336G V3 FW 4.3.3-6 VPN config:
Hello johnjvictor,
Welcome to the community!
Before I replied to your post I have tried to duplicate the issue you are having using one of our test units. I did not experience the issue you are having and I am using the same firmware version. Please try the following and see if it will let you change it:
- Go to VPN>IPSec VPN>VPN Policies
- Select the VPN Policy you have created and click on "Edit"
- Change the encryption
- Click "Apply"
- After the setting have been applied, select the policy again then click "Disable"
- Go to IKE Policies and select the policy you created
- click on "Edit" and change the encryption
See if this will let you apply the changes, if this works go back to VPN policy and enable the policy you have created.
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336G V3 FW 4.3.3-6 VPN config:
JohnRo
Thanks for the suggestion. I tried your sequence exactly and it still did not allow me to change the encryption. But...this is weird and certainly must be a firmware bug. I was finally able to change the encryption by doing the following:
1) Select VPN Policies and disable the one I created
2) Click Edit
3) Change the Policy type from Auto Policy to Manual Policy and then change it back to Auto Policy. When I did this I noticed that the Manual Policy Parameters got grayed out where before they were not.
4) Change the Encryption type to AES-256 in the Auto Policy Parameters section. When I clicked Apply, it asked me to enter End IP addresses in the Traffic Selection section for both Local and Remote. That I can do!!
5) Now when I click Apply it is all good!!
6) Now I can change the Encryption in the IKE policy to AES-256 and then re-enable the VPN policy
This unit is not yet in service or connected to our primary WAN link, so hopefully it will work once it trys to sync the tunnel with our live network. I guess it's possible I got a bad firmware upgrade so I should probably try to reload it.
Thanks for the help!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336G V3 FW 4.3.3-6 VPN config:
Hi johnjvictor,
I must say that was a weird behavior. Reloading the firmware and resetting it to default should be a good idea. Hopefully, it works fine during production.
Let us know if you have more questions. The community is happy to help!
Thanks,
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
JohnRo
I reloaded the firmware, restored settings to default and restored settings that I saved and the VPN policy page seems to be working fine now.
Thanks!
john
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336G V3 FW 4.3.3-6 VPN config:
Hello johnjvictor,
I'm glad it worked for you! 🙂
Thanks,