L2TP over IPsec VPN after going from 6.4.12 to 7.0.10

After the upgrade, my L2TP VPN broke as expected. I followed the instructions below to create the static route but I am a little confused about step 2:

https://docs.fortinet.com/document/fortigate/7.0.10/fortios-release-notes/927994/l2tp-over-ipsec-configuration-needs-to-be-manually-updated-after-upgrading-from-6-4-x-or-7-0-0-to-7-0-1-and-later

“Change the firewall policy source interface tunnel name to l2t.VDOM.” - From what I can tell, it cannot be renamed once it is created. I am assuming they want me to change the interface in the firewall policies from the old “L2TP-VPN” to “l2t.root” (I do not have an l2t.VDOM)? I did this for the VPN to Internal Network policy and it restored my ability to access anything internal from the VPN, but I still can’t get out to the Internet from it. If I change the VPN to virtual-wan-link to the l2t.root interface, it breaks the VPN completely. Not sure what I am missing here?

The “VDOM” part is the name of the VDOM. If you don’t have any additional VDOMs you only have the root VDOM.

If you want your L2TP stuff to access the internet you need a policy that allows that traffic, i.e. l2t.root to whatever is your outside interface.

Gotcha. I created a new policy to allow l2t.root to virtual-wan-link and that restored Internet connectivity. I am still a little confused though, the old L2TP_VPN to virtual-wan-link policy also still seems to be required - if I disable it, the VPN breaks and won’t connect even with the new policy in place. Any ideas why it needs both the tunnel (L2TP-VPN) and the static route (l2t.root) to have policies going to virtual-wan-link?

So do I need to do this if I am upgrading to later versions? Like 7.2 and up… like creating this static route after upgrading. TIA