FortiGate
sagha (Staff)
Article Id 217330
Description This article covers the scenario where an IPSec tunnel is up and traffic appears to leave the FortiGate in Azure, but it never reaches the remote end.
Scope FortiGate.
Solution

Follow these steps:

  1. Verify which IPSec ports the FortiGate is using with the following commands:

diagnose vpn ike gateway list name <tunnel_name>
diagnose vpn tunnel list name <tunnel_name>

  2. If UDP port 500 is being used, switch the connectivity to UDP port 4500 by forcing NAT traversal on the phase1 interface:

config vpn ipsec phase1-interface
edit "VPN-Phase1"
set nattraversal forced
end

Make sure NAT traversal is also enabled on the remote end if it is a third-party device.

  3. Flush the tunnel:

diagnose vpn tunnel flush <tunnel_name>
diagnose vpn ike gateway flush name <tunnel_name>

  4. Verify that connectivity is now established on port 4500, using the same commands as in the first step.
  5. Initiate the traffic; it should work after this change.
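The port check in steps 1 and 4 can be automated when the CLI output is collected over SSH or from a support bundle. The following is an added example, not Fortinet code: it parses the "addr:" line that "diagnose vpn ike gateway list" prints and reports whether the IKE peers are on UDP 500 or on UDP 4500 (NAT-T). The sample output, tunnel name and addresses are constructed for the demonstration and the exact line layout is assumed to match this form.

```python
import re

# Constructed sample, modelled on "diagnose vpn ike gateway list name <tunnel_name>".
# Addresses and names are placeholders, not taken from a real device.
SAMPLE_GATEWAY_OUTPUT = """\
vd: root/0
name: VPN-Phase1
version: 1
interface: port1 3
addr: 10.0.0.4:500 -> 203.0.113.10:500
created: 120s ago
IKE SA: created 1/1  established 1/1  time 10/10/10 ms
IPsec SA: created 1/1  established 1/1  time 0/0/0 ms
"""

# "addr: <local_ip>:<local_port> -> <remote_ip>:<remote_port>"
ADDR_RE = re.compile(r"^addr:\s*(\S+):(\d+)\s*->\s*(\S+):(\d+)", re.MULTILINE)


def parse_ike_ports(output):
    """Return (local_port, remote_port) from the 'addr:' line, or None if absent."""
    m = ADDR_RE.search(output)
    if not m:
        return None
    return int(m.group(2)), int(m.group(4))


def check_nat_traversal(output):
    """Classify the IKE endpoint ports and map them to the article's next step.

    Returns {'ports': (local, remote) or None, 'natt': bool, 'advice': str}.
    'natt' is True only when both ends use UDP 4500, i.e. ESP is UDP-encapsulated.
    """
    ports = parse_ike_ports(output)
    if ports is None:
        return {"ports": None, "natt": False,
                "advice": "no IKE gateway listed: phase1 is not negotiated, check phase1 first"}
    local, remote = ports
    if local == 4500 and remote == 4500:
        return {"ports": ports, "natt": True,
                "advice": "IKE and ESP carried in UDP 4500: NAT-T active, look elsewhere"}
    if local == 500 or remote == 500:
        return {"ports": ports, "natt": False,
                "advice": "IKE on UDP 500, ESP sent as raw IP protocol 50: "
                          "set nattraversal forced, enable NAT-T on the peer, then flush the tunnel"}
    return {"ports": ports, "natt": False,
            "advice": "non-standard ports %d/%d: verify NAT and firewall rules" % ports}
```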