This article describes how to manually bring a site-to-site IPsec VPN tunnel up when no active traffic is passing through the tunnel.
Scope
FortiGate, v7.0.x, v7.2.x and v7.4.x.
Solution
When an IPsec tunnel is configured and no active user/device is available to generate traffic across the tunnel, it is possible to bring the tunnel up manually to test whether both sites have matching parameters and configurations.
GUI method:
Go to Dashboard > Network > IPsec.
Select Bring Up > All Phase2 Selectors.
CLI method:
execute vpn ipsec tunnel up <Phase1 name>
If the IPsec tunnel Phase2 comes up, the configuration is correct and its parameters match those of the peer. If the tunnel fails to come up, verify that the configuration is correct on both sides.