Fikusir
Explorer
September 8, 2022
Question

IPSec stops working for a while when uploading a file

Hello,

I am definitely lost and need help if possible.

I have two FGs connected by an IPSec tunnel:

  1. Site A - FG50E 6.2.11 (1Gbit/1Gbit)
  2. Site B - FG100E 6.4.8 (100Mbit/100Mbit)

All traffic runs smoothly, but when I transfer a bigger file (50MB for example) via SMB on a Windows server from site A to site B, it runs for a few secs and then I see that communication between these two sites is interrupted - all devices on site A are down.

The interruption usually lasts 3-4 pings and then it comes back.

I also tried to ping 8.8.8.8 from site A during the interruption and it was working properly. It means to me that connectivity is good, but the VPN has some problems. Unfortunately I do not see any error in VPN events.

During the interruption I tried to ping site B from another site and it is working properly.

Do you have any ideas how to find the reason for this issue?

I already tried to switch off all UTMs between both sites.

Thank you so much, Michal

3 replies

Vichu_94
Staff
September 8, 2022

Hi Fikusir

Please try to follow the link below to troubleshoot the issue with the IPsec tunnel:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Troubleshooting-IPsec-VPN-tunnel-errors-with-large/ta-p/194539

Regards
Vishal P

Fikusir
Author
Explorer
September 8, 2022

Seems to be good to me

Diagnose A)

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1406 Metric:1
RX packets:1042134 errors:0 dropped:0 overruns:0 frame:0
TX packets:1096519 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:938168424 (894.7 MB) TX bytes:784801561 (748.4 MB)

Diagnose B)

if=SESTO_PRAGUE family=00 type=768 index=17 mtu=1406 link=0 master=0
ref=53 state=start present fw_flags=0 flags=up p2p run noarp multicast
Qdisc=noqueue
stat: rxp=1043481 txp=1098022 rxb=938569924 txb=785086536 rxe=0 txe=1 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=53

akristof
Staff
September 8, 2022

Hi,

I would focus on ESP (UDP/4500) communication when this is happening. I had an experience with a very similar problem: the tunnel was working fine, but as soon as a larger file started to be transferred, it got disconnected. I would check whether you are receiving packets on both ends (encrypted packets). In my case, there was DDoS protection in one of the customer's DCs that was triggered by a higher volume of packets.
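
Added example (not part of the thread, and not Fortinet code): one way to act on the "check both ends" advice is to snapshot the tunnel interface counters on each firewall before and after a test transfer and compare what one side sent with what the peer counted. It parses the `stat:` line layout shown under "Diagnose B"; the sample dumps, the interface name and the 5% threshold are constructed, and it assumes the snapshots on both firewalls are taken at roughly the same moments.

```python
import re

def parse_stat(dump):
    """Return the integer counters from the 'stat:' line of an interface dump."""
    m = re.search(r"^stat:\s*(.*)$", dump, re.MULTILINE)
    if not m:
        raise ValueError("no 'stat:' line in dump")
    return {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", m.group(1))}

def delta(before, after):
    """Counter growth between two snapshots of the same interface."""
    return {k: after[k] - before[k] for k in before if k in after}

def diagnose(a_before, a_after, b_before, b_after, threshold=0.05):
    """Compare what each end sent into the tunnel with what the peer counted."""
    da = delta(parse_stat(a_before), parse_stat(a_after))
    db = delta(parse_stat(b_before), parse_stat(b_after))
    report = {}
    for name, snd, rcv in (("A->B", da, db), ("B->A", db, da)):
        sent = snd["txp"]
        # Packets still in flight make small gaps normal, hence the threshold.
        lost = max(sent - rcv["rxp"], 0)
        report[name] = {
            "sent": sent,
            "lost": lost,
            "suspect": sent > 0 and lost / sent > threshold,
            "tx_errors": snd["txe"],  # local transmit errors during the test
        }
    return report

def sample(rxp, txp, txe=0):
    """Constructed dump in the thread's 'Diagnose B' layout (not real output)."""
    return (f"if=TUNNEL_EXAMPLE family=00 type=768 index=17 mtu=1406\n"
            f"stat: rxp={rxp} txp={txp} rxe=0 txe={txe} rxd=0 txd=0\n")

# Constructed snapshots: site A sends 5000 packets, site B counts only 3500.
A_BEFORE, A_AFTER = sample(1000, 2000, txe=1), sample(1400, 7000, txe=1)
B_BEFORE, B_AFTER = sample(2000, 1000), sample(5500, 1400)

if __name__ == "__main__":
    for direction, result in diagnose(A_BEFORE, A_AFTER, B_BEFORE, B_AFTER).items():
        print(direction, result)
```

A direction flagged as suspect while the sender shows no new `txe` errors points at loss somewhere between the two firewalls rather than on the sending device, which matches the upstream filtering scenario described in the reply above.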