Anonymous
Article Id 259861
Description: This article describes how FortiGate administrators can reduce disconnections in L2TP VPN environments.
Scope: FortiOS 6.2.4+, 6.4.0+, 7.0 and 7.2.
Solution

To configure L2TP on a FortiGate firewall, consult the following article:

https://community.fortinet.com/t5/FortiGate/How-to-configure-L2TP-over-IPSec-on-a-FortiGate/ta-p/197...

In some situations, the network path between the L2TP end users and the FortiGate is negatively affected by out-of-order packets.

Out-of-order packets can disrupt the L2TP negotiation process. The resulting failures can be seen in the debug output from the following CLI commands:

diagnose debug application l2tp -1
diagnose debug console timestamp enable
diagnose debug enable

ipcp: down ppp:0x7fc426052000 caller:0x17762110 tun:-1  <---
LCP Termiate_Request id(6) len(23)                      <---

Use the following CLI command to improve the stability of L2TP in certain scenarios:

config vpn l2tp
    set compress enable | disable*   <-- Enables/disables data compression. The default is 'disable'.
end
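
The following is an added example, not part of the original article or any Fortinet tooling: a Python script that counts the two teardown indicators quoted above in a saved capture of the `diagnose debug application l2tp -1` output, so disconnection rates can be compared before and after changing the `compress` setting. The sample capture, the second ppp handle and the `YYYY-MM-DD HH:MM:SS` timestamp prefix are constructed assumptions.

```python
import re
from collections import Counter

# Optional "YYYY-MM-DD HH:MM:SS" prefix. The exact prefix produced by
# 'diagnose debug console timestamp enable' is an assumption.
TS = r"(?:(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+)?"
# The two indicator lines quoted in the article. "Termi\w*" accepts the
# spelling exactly as logged as well as "Terminate".
PATTERNS = {
    "ipcp_down": re.compile(
        TS + r"ipcp: down ppp:(?P<ppp>0x[0-9a-fA-F]+) caller:\S+ tun:(?P<tun>-?\d+)"),
    "lcp_terminate": re.compile(
        TS + r"LCP Termi\w*_Request id\((?P<id>\d+)\) len\((?P<len>\d+)\)"),
}

# Constructed sample capture (not real device output).
SAMPLE = """\
2023-06-08 10:12:01 ipcp: down ppp:0x7fc426052000 caller:0x17762110 tun:-1
2023-06-08 10:12:01 LCP Termiate_Request id(6) len(23)
2023-06-08 10:12:40 some unrelated debug line
2023-06-08 10:14:09 ipcp: down ppp:0x7fc426053000 caller:0x17762110 tun:-1
LCP Termiate_Request id(7) len(23)
"""


def summarize(lines):
    """Count teardown indicators in total, per minute, and per ppp handle."""
    totals, per_minute, ppp_handles = Counter(), Counter(), set()
    for line in lines:
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if not m:
                continue
            totals[kind] += 1
            ts = m.group("ts")
            # Bucket by "YYYY-MM-DD HH:MM"; lines without a prefix are "untimed".
            per_minute[ts[:16] if ts else "untimed"] += 1
            if kind == "ipcp_down":
                ppp_handles.add(m.group("ppp"))
    return {"totals": dict(totals), "per_minute": dict(per_minute),
            "ppp_handles": ppp_handles}


if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print(report["totals"])
    for minute, count in sorted(report["per_minute"].items()):
        print(minute, count)
```

Run it over one capture taken before the configuration change and one taken after, over comparable time windows, and compare the per-minute counts.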
