Fortigate IPSec tunnels UDP traffic broken

Question

Hi,We had a problem with IPSEC tunnels.A main location with a Fortigate 60, Firmware 6.2.5, with a application server in the network. This Fortigate has configured about 20 IPSEC tunnels to other remote locations. Some locations have a Fortigate, some locations have a SonicWall.Tunnels are all up and running, works fine. Application use UDP traffic with port 1100. Works fine.But sometimes, the remote application can’t connect to the server anymore and is “disconnected”.From the server I can ping the remote application, from the remote, I can ping the server, works fine but UDP traffic port 1100 is not possible anymore.When we disconnect the tunnel and re-connect, no difference, still problems.The only possibility to let it work again is the following command: diagnose sys session filter dport 1100diagnose sys session clear Then it works fine again without any problems.For now, we’ve scheduled this command every couple of hours but I don’t get what is the real problem here.In the former situation, main location has a SonicWall without any problems, now is the main location a Fortigate and we’ve kill the UDP 1100 traffic to make it work again. I’ve tried to set the Auto-negotiate on or off but no difference. Any idea what I can do?

Toshi_Esumi · Answer

You didn't describe if this problem happens even Hub FGT - Remote FGT combination, not only Hub FGT - Remote SonicWall. But I assume the remote doesn't matter, then you do the clear sessions at the Hub FGT.

What I would do is compare the sessions between when it's working and after it stopped working with "show sys session list" after putting the dport filter in place. There must be some difference since it solves when you clear them.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded