FortiGate
Mono_FTNT
Staff
Article Id 193677

Description

In a site-to-site (gateway-to-gateway) IPsec VPN (IKEv1) environment, if Replay Detection is disabled on an HA system but enabled at the remote site, the remote site will detect replayed ESP packets after a device failover occurs on the HA system.

If the VPN gateway at the remote site is a FortiGate, an event log entry like the one below will be seen:

date=2015-12-10 time=10:01:23 logid=0101037132 type=event subtype=vpn level=critical vd="root" msg="IPsec ESP" action=error remip=192.168.219.221 locip=192.168.219.226 remport=0 locport=500 outintf="wan1" cookies="04feffb2bb661941/6a535a292216d95c" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" vpntunnel="fgt600c_p1" status=esp_error error_num="Invalid ESP packet detected (replayed packet)." spi="3bcb61c6" seq="0000022e"


Scope

FortiOS version 5.0, 5.2


Solution

Replay Detection applies to the outbound direction as well as the inbound direction, so the Replay Detection setting must be the same on both the local and the remote site. When the HA system has it disabled and the remote site has it enabled, the remote site can receive ESP sequence numbers after a failover that it treats as replayed, and it drops those packets with the error shown above. On a FortiGate the setting is per phase 2 (set replay enable or disable under the phase2 or phase2-interface configuration), so check every phase 2 of the tunnel on both gateways and set them to the same value.
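The following Python script is an added example, not part of this article or of FortiOS; it serves both the Description (spotting the replayed-packet events in a FortiGate event log) and the Solution (checking that the phase 2 Replay Detection setting matches on both gateways). The log lines and the phase 2 configuration snippets are constructed for the example, modelled on the log entry quoted above; the phase 2 names "to_remote_p2" and "fgt600c_p2" are assumptions, and the assumption that a phase 2 with no "set replay" line is at the default of enable is marked in the code.

```python
import re

# Constructed sample event-log lines (not from a real device). The first two
# are modelled on the "replayed packet" entry quoted in the article; the third
# is an unrelated phase 2 status event that the detector must ignore.
SAMPLE_LOGS = """\
date=2015-12-10 time=10:01:23 logid=0101037132 type=event subtype=vpn level=critical vd="root" msg="IPsec ESP" action=error remip=192.168.219.221 locip=192.168.219.226 remport=0 locport=500 outintf="wan1" cookies="04feffb2bb661941/6a535a292216d95c" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" vpntunnel="fgt600c_p1" status=esp_error error_num="Invalid ESP packet detected (replayed packet)." spi="3bcb61c6" seq="0000022e"
date=2015-12-10 time=10:01:24 logid=0101037132 type=event subtype=vpn level=critical vd="root" msg="IPsec ESP" action=error remip=192.168.219.221 locip=192.168.219.226 remport=0 locport=500 outintf="wan1" cookies="04feffb2bb661941/6a535a292216d95c" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" vpntunnel="fgt600c_p1" status=esp_error error_num="Invalid ESP packet detected (replayed packet)." spi="3bcb61c6" seq="0000022f"
date=2015-12-10 time=10:05:00 type=event subtype=vpn level=notice vd="root" msg="IPsec phase 2 status change" action=phase2-up remip=192.168.219.221 locip=192.168.219.226 vpntunnel="fgt600c_p1"
"""

# Constructed phase 2 configuration of the HA system (Replay Detection off).
LOCAL_HA_P2 = """\
config vpn ipsec phase2-interface
    edit "to_remote_p2"
        set phase1name "to_remote"
        set replay disable
    next
end
"""

# Constructed phase 2 configuration of the remote site (Replay Detection on).
REMOTE_P2 = """\
config vpn ipsec phase2-interface
    edit "fgt600c_p2"
        set phase1name "fgt600c_p1"
        set replay enable
    next
end
"""

# FortiGate logs are key=value pairs; values containing spaces are quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_log(line):
    """Parse one FortiGate key=value event-log line into a dict."""
    return {key: (quoted or bare) for key, quoted, bare in KV_RE.findall(line)}


def find_replay_events(log_text):
    """Return (tunnel, spi, seq) for each ESP replay detection in the log.

    The sequence number is the ESP sequence the remote rejected, converted
    from the hex string FortiOS logs to an int so gaps and repeats can be
    compared across entries.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_fortigate_log(line)
        if rec.get("status") == "esp_error" and "replayed packet" in rec.get("error_num", ""):
            hits.append((rec["vpntunnel"], rec["spi"], int(rec["seq"], 16)))
    return hits


def replay_settings(phase2_cli):
    """Map each phase 2 name in a FortiOS CLI snippet to its 'set replay' value.

    Assumption: a phase 2 with no explicit 'set replay' line is treated as
    the default value "enable"; confirm against 'show full-configuration'
    on the device rather than relying on this assumption.
    """
    settings = {}
    current = None
    for raw in phase2_cli.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            current = line[len("edit "):].strip().strip('"')
            settings[current] = "enable"
        elif line.startswith("set replay ") and current is not None:
            settings[current] = line.split()[2]
    return settings


def replay_mismatch(local_cli, remote_cli, local_p2, remote_p2):
    """True when the two ends of a tunnel disagree on Replay Detection."""
    local = replay_settings(local_cli).get(local_p2)
    remote = replay_settings(remote_cli).get(remote_p2)
    return local != remote


if __name__ == "__main__":
    for tunnel, spi, seq in find_replay_events(SAMPLE_LOGS):
        print(f"replayed ESP packet on {tunnel}: spi={spi} seq={seq}")
    if replay_mismatch(LOCAL_HA_P2, REMOTE_P2, "to_remote_p2", "fgt600c_p2"):
        print("Replay Detection differs between the two gateways; set it to the same value on both.")
```

Run the script against your own exported logs and the output of "show vpn ipsec phase2-interface" from both gateways; any tunnel reported as mismatched should have "set replay" changed to the same value on both ends.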
