Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
bkarl
Staff
Staff

Created on ‎08-29-2023 11:35 AM Edited on ‎08-29-2023 12:06 PM By Staff

Article Id 270960

Troubleshooting Tip: How to prevent a down service on VPNs before to upgrade from v6.0.x to v6.4.x or above

Description

This article describes the workaround for an IP's configured pool with ARP reply enabled and an upgrade from v6.0.X to v6.4.0 or above is processed, but VPNs do not up at v6.4.0.
Scope FortiGate v6.4.X above.
Solution
  1. To avoid down services on VPNs when the ISP is advising prefixes by BGP, it is suggested to add a secondary IP address in order to keep VPNs always UP after the Upgrade finishes.
  2. The following behavior will happen if a secondary IP address is not added to the WAN interface.

KB 18 - 1.jpg

 

  1. The VPNs are down. So before upgrading, it is better to add a secondary IP on the WAN interface when on v6.0.x. Consider there is an IP pool with ARP reply enabled on v6.0.x.

 

The result must be like this:

 

KB 18 - 2.jpg
306
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.