Philippe
New Member
May 5, 2020
Question

INCOMING CONNECTION, VIP, IPSEC problem

  • May 5, 2020
  • 1 reply
  • 2297 views
We're having a problem with our incoming connections on the FortiGate. We have a couple of VIPs and IPsec tunnels. Suddenly, https/ssh/... traffic to a server with a VIP and port forwarding drops. Also, mgmt actions on the web GUI of the FortiGate using an IPsec tunnel suddenly don't work anymore. We opened a ticket 4 weeks ago with Fortinet. What we see is "no session match" in the debug flow. They think it's the NPU unit of the FortiGate with a bug. I downgraded in a couple of steps from 6.2.3 to 6.0.5 without success. So we think it's a wrong setting... Can someone help us?

    1 reply

    Dave_Hall
    New Member
    May 6, 2020

    Sounds like the regular administration access ports may need to be changed if they conflict or interfere with any of the ports on your VIP/IPSec tunnels.

     

    From the CLI, you can check/set the management port access as follows:

     

    config system global
        set admin-idle-timeout <integer>
        set port-http <integer>
        set port-https <integer>
        set port-ssh <integer>
        set port-telnet <integer>
    end

    As for the interface admin access setting (mgmt as an example):

    config system interface
        edit "mgmt"
            set allowaccess ping https ssh http fgfm
        next
    end

    And from the GUI: