ADVPN - Hub and spoke - All tunnels hangs after HA switch

Forum|Forum|5 months ago
December 24, 2025
2 replies
436 views

Hi,

we set up an ADVPN Hub and Spoke VPN where:

HUB are 2 Fortigate 2600F in Active-Passive HA configuration
Spokes are Fortigate 60F

Firmware is 7.4.9 version

The VPN works fine, anyway we have problems when some bad events occurs. For example if power goes off or the Hub lost some connectivity and HA switch the primary node, all IPSEC tunnels hangs (they are up but not working)

The only way to resume them is to restart every tunnel spoke side (waiting at least 10 seconds between down and up)

Does exist a way to avoid this situation? Why the HA switch causes the hanging?

Thanks

Stephen_G

Moderator

Hello pacionet,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Stephen_G - Fortinet Community Team

yderek

Staff

@pacionet Hi, You can take a look of KB below

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Timers-used-for-speedup-Convergence-Failover-and/ta-p/292053

This kind of issue requires a deep dive especially when the issue is happening, best approaching will be open case with TAC and engage them with live troubleshooting

Matt_B

Staff & Editor

Seconded, open a TAC case. Even if it turns out to be a known issue, tunnel issues are unlikely to be identified from a forum post unless they are extremely common. There are just too many different possible HA and VPN configurations, and too many possible network conditions.

Referencing pacionet's other forum reply, I can say known issue 1006759 is likely not a match since that issue is only reported for chassis FortiGates (6K/7K series)

Is it a bug, is it a feature? It's... not in spec!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded