AnsweredAssumed Answered

VPN Exclusions (made inside $FWDIR/lib/crypt.def) does not work

Question asked by 89f54c70-508c-400f-9477-dd8648799b1e on Dec 18, 2018
Latest reply on Dec 18, 2018 by Günther W. Albrecht

ok. here is a proper update for you all, should anyone knows what a heck I'm doing wrong (*wink*) - do let me know


obviously I was following IN DETAIL sk86582 but,:


exec ping (from Fortigate CLI on

5 packets transmitted, 0 packets received, 100% packet loss


whilst on zdebug on CP Cluster:


;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=1 -> dropped by vpn_drop_and_log Reason: Clear text packet should be encrypted;


when $FWDIR/lib/crypt.def (on SMS + successfuly pushed is like following:









with following in a proper place as well:


((src in vpn_exclude_src1) and (dst in vpn_exclude_dst1)) and ((src in vpn_exclude_src2) and (dst in vpn_exclude_dst2)) and ((src in vpn_exclude_src3) and (dst in vpn_exclude_dst3))


ps. all in right space, spot and policy installed - just simply DOES NOT WORK and I cannot ping whatever direction I'll take based on the exclude_objects from above.


any clue chaps ?