atsak
New Member
January 10, 2018
Question

IPSEC tunnel flaps every 2 - 3 minutes


Deploying my 6th Fortinet 60E - going not bad. The tunnel on this one flaps every 2 minutes or so. It's a route-based VPN with a tunnel interface.

Link monitor: Interface TUNNEL1 was turned down

then a second or so later

Link monitor:  Interface TUNNEL1 was turned up

Tunnel is between the 60E and a Juniper SSG550M. All the other Fortinets are fine so far.

Dead Peer Detection is turned off.

How do I figure out WHY the firewall is turning the VPN tunnel down? I'm at a loss why the other 5 work absolutely fine and this one doesn't. The firmware versions are the same and I use the same configuration file for each one of them.


    atsak (Author)
    New Member
    January 10, 2018

    Is it possible this unit is defective? It has the latest firmware.

    The issue occurs on either the WWAN port or the WAN1 port . . .

    I have been testing also connecting to the firewall from the external IP - I seem to lose connection that way too, not over VPN, just for a second or two every couple minutes.

    neonbit
    New Member
    January 10, 2018

    You can do a hardware test to confirm if the device is defective by running the following command via the CLI:

    diagnose hardware test suite all

    Have you checked to make sure the network/wan link the 60E is using is not the problem?

    atsak (Author)
    New Member
    January 10, 2018

    Yes, I've tried two different links (one cable, one LTE modem), both have the exact same issue but only with this particular device.

    Eyals
    New Member
    July 12, 2018

    Hi,

    Were you able to resolve this?

    I am having the exact same issue with Fortigate on AWS and Juniper SSG550.

    sw2090
    SuperUser
    July 19, 2018

    I had something like that too:

    Tunnels did not respond but on FGT were not shown as down.

    It turned out they were not down but the FGT does somewhat suspend the tunnel when there is no traffic on it by default.

    Turning on some keep alive feature (I'd have to look it up again if you need it) stopped this.

    Eyals
    New Member
    July 19, 2018

    In my case, the tunnel is seen as down in the VPN monitor, and in the VPN events log, you can see messages every couple of minutes that the interface is down/up.

    If you can find what solved it for you, it could be helpful, thanks.

    trchia
    New Member
    September 21, 2018

    ....also make sure that the key lifetime is not too long.