Coldfirex
New Member
April 23, 2013
Question

Virtual IP stops working

Howdy,

We have seen an issue at least 2-3 times where a VIP seems to stop working. The most recent one in question was to a Linux box via SSH. The connection just completely stops working. The only way to fix the issue, besides maybe rebooting, is to edit the VIP to be incorrect, and then go back in and correct it. After this the connection works. We have also seen this with some IPsec VPN tunnels, and we have to do the same process to get it up. We have noticed this on firmwares up to 4.2.15 and 4.3.12.

Any thoughts?

Thanks!
Alan

    5 replies

    emnoc
    New Member
    April 23, 2013
    Q: VIP for IPsec/SSH: how's the IKE/TCP timers, and how are you identifying that the VIP stops working?
    Coldfirex (Author)
    New Member
    April 23, 2013
    Do you mean like a session TTL? If so, I don't have any set for the SSH VIP (other than what might be a system default). The way we tell is when a client starts complaining. :( When it's down we can try to connect from a different location and it does not respond.
    emnoc
    New Member
    April 23, 2013
    Why do we 1st start by identifying the config and the type of VIP:

        show firewall vip "name here"

    Also, if it's a load-balance VIP with health checks, execute the following:

        diag firewall vip virtual-server real-server list
        diag firewall vip realserver list

    And in your diagnostics, you need to run the packet diag sniffer to make sure traffic is getting to the firewall when you realize it's down and users are complaining.
    Coldfirex (Author)
    New Member
    April 23, 2013
    No load balancing here.

        set extip 208.1.1.1    (<- IP changed obviously)
        set extintf "wan1"
        set portforward enable
        set mappedip 192.168.251.1
        set extport 22
        set mappedport 22

    I did not run the diag sniffer unfortunately, due to the client being on the phone, but I can try to remember for next time.
    Coldfirex (Author)
    New Member
    May 6, 2013
    Had this happen again. :( I ran a packet diag sniff and found that no packets were recorded for some reason. As soon as I changed a setting in the VIP, saved, changed back, saved, it started working again and I saw traffic being flagged by the sniffer. The strange part is that I rebooted the FortiGate before this and there was no change. :\ Any ideas?