Fortigate IPSec VPN Error "ignoring request to establish IPsec SA, no policy configured"

最近瘋狂玩弄被玩弄Azure cloud service....

它可以跟內網建立IPSec VPN，增加IT人員負擔強化內網跟Azure之間的overhead安全性。

好啦！問題來啦！拿了一台舊舊的Fortigate來被搞搞它.....出現以下error....

"ignoring request to establish IPsec SA, no policy configured"

這要下command去debug看，那台fortigate舊到連WEB UI上的LOG都沒有，真是法刻由！

一查之下還真是複雜，嚇死我了，其實是週五懶得看了，沒想看到官網的技術文件還真是簡單又明瞭！

Hey Dude, To remedy this, ensure that there is at least one security policy where one of the interfaces is a VPN tunnel interface and there is at least one route which uses the tunnel interface as the gateway.

https://kb.fortinet.com/kb/documentLink.do?externalID=FD38912

意思就是，孩子，把Security Policy設一下，還有Routing搞一搞。(喔....原來no policy configured是說Security Policy)

好孩子我就照辦，就OK了！

收工。