Two Fortigates experience no traffic passing to remote P2P VPN

Forum|Forum|3 years ago
July 30, 2022
1 reply
876 views

I have two separate data centers running FG pairs, a 101 and 201. One is running 6.2 and the other is running 6.4. Running 20-30 VPN tunnels on each set. I am seeing issues with only 1 remote VPN on each Fortigate, one a Meraki and one a Sonicwall. VPNs have been running over a year clean.

The VPN in question is up on both phases. I see traffic coming in from the remote site, but the application is not recognizing the traffic(running tcpdump on the application server, i see traffic hitting the correct port.) I am unable to ping/access the other side of the VPN. Packet captures on the VPN interface show traffic leaving the Fortigates, but the other party does not see it. Since packet captures are showing traffic leaving the Fortigates, blame is placed on the remote VPN via support. I can't really place blame on the other VPN, since the exact same behavior is seen on two different firewalls, running two different firmwares, in two separate data centers. VPNs have been rebuilt on the remote side with no difference in behavior.

Anyone seen this behavior before?

FortiGate

Toshi_Esumi

SuperUser

You wrote "the exact same behavior is seen on two different firewalls". What exactly did you mean? Is the traffic over the tunnel, ex. ping packets, from the server behind the FGT showing up on Meraki and Sonicwall side? And ping responses from the destinations are leaving those FWs into the tunnel?

Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded