Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sagha
Staff
Staff

Created on ‎07-12-2022 09:14 AM Edited on ‎02-05-2024 11:52 PM By Community Manager

Article Id 217330

Technical Tip: IPSec Tunnel up but no traffic being passed between FortiGate Azure and Third party device

Description This article explains the scenario where IPSec Tunnel is up and traffic seems to be leaving FortiGate Azure but it is not reaching the remote end. 
Scope FortiGate.
Solution

Follow these steps: 

 

  1. Verify the IPSec ports being used on FortiGate using the following commands.

 

diagnose vpn ike gateway list name <tunnel_name>

diagnose vpn tunnel list name <tunnel_name>

 

  1. If port 500 is being used, try to switch the connectivity to port 4500. 

 

config vpn ipsec phase1-interface

edit "VPN-Phase1"

set nattraversal forced

end

 

Make sure NAT-Traversal is also enabled on the remote end on a Third-party device.

 

  1. Flush the tunnel.

 

diagnose vpn tunnel flush <tunnel_name>

diagnose vpn ike  gateway flush name <tunnel_name>

 

  1. Verify if the connectivity is established on port 4500 using the same commands in the first step. 
  2. Initiate the traffic and it could work after this. 

 

Labels:
26187
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.