Establish IPSec VPN with F5 Big-IP and Fortigate 30C

Question

Our primary requirement is to establish IPSec VPN with our F5 Big-IP 5050 on our DataCenter to Fortigate 30C on our branches across the globe.&nbsp;
Question 
1. We haven't successfully done the configuration with both using Static IP. What is the right configuration? 
2. Is F5 capable on establishing IPSec VPN to Fortigate 30C's via Dynamic IP? 
3. Is F5 capable on establishing IPSec VPN to Fortigate 30C's via Dynamic DNS? 
4. What are other method we can establish VPN from F5 to Fortigate 30C?&nbsp;
Help.&nbsp;

bill_chipman_10 · Answer

We are using 11.6 and have found that the ipSec module in F5 is very erratic and not at all reliable. We moved our ipSec connections to another system altogether. SSL VPN connections from our clients work well.

hannes_rapp · Answer

You're correct that IPSec VPN (IP ESP) of BigIP is still unstable in most cross-vendor implementations. As of now, only consider using BigIP as a peer in IPSec VPN implementation when it's paired with ASA, or another BigIP. In various other setups, I have always concluded the stability is just not good. In regards to SSL VPN which is an entirely different thing, I find BigIP to be very stable.

Forum Discussion

Establish IPSec VPN with F5 Big-IP and Fortigate 30C

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

Workshop: Deploy BIG-IP Cloud through Automation

Automating Packet Captures on BIG-IP

Arabic Blackboard F5 series [what is Big-IP]

Re: Mitigating OWASP API Security risks using BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS