Created on 03-20-2025 09:53 AM
Edited on 06-29-2025 10:09 PM
By Jean-Philippe_P
Description | This article describes an issue where IPsec tunnels go down and are missing from the IPsec monitor after the IKE TCP port is changed from 4500. |
Scope | FortiGate, IPsec, FortiOS v7.4.2 through v7.4.7. |
Solution |
Whenever the IKE TCP port is changed, all tunnels over UDP and TCP are flushed automatically, whether in v7.4.2+ or v7.6.x.
After changing the IKE TCP port from 4500 to any other port on FortiOS v7.4.2 through v7.4.7, all tunnels go down when checked under VPN > IPsec Tunnels, are missing from Dashboard > Network > IPsec Monitor, and do not come back up.
Specifically after changing the IKE TCP port from 4500 to any other port, the IKE process must be restarted so that the tunnels start working again:
diagnose vpn ike restart
This issue does not recur the next time the IKE TCP Port is changed from any port (except TCP 4500) to any other port.
Examples:
config system settings
In some cases, especially for dial-up IPsec VPNs where both IKE and IKE-TCP ports have been changed, restarting the IKE process may not resolve the issue. This behavior has been fixed in v7.4.8 and v7.6.0. |