FortiGate
jcastellanos (Staff)
Article Id 309679
Description This article describes how to diagnose an occasional scenario in which an IPsec VPN cannot come up because UDP ports 500 and 4500 have been assigned to a process other than iked.
Scope FortiGate v6.4.x.
Solution

Run an IKE debug. In this scenario it displays no information at all:

diagnose debug application ike -1
diagnose debug enable

[Figure: IKE debug output showing no information]


Restarting the iked process does not fix the issue; a message stating that port 4500 is already in use may appear:

[Figure: restart of the iked process, showing the port-in-use message]


Run the following command to check whether port 4500 is bound by another service:

diagnose sys udpsock

[Figure: udpsock output showing the hasync process]
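The check described above, as an added example that is not part of the original article: a small parser for output pasted from the diagnose sys udpsock console command that reports which process holds UDP 500 and 4500. The line layout it expects (local->remote-> ... process=PID/name) and the sample lines, in which hasync holds 4500, are constructed for this example and are assumptions, not captured output.

```python
import re
from typing import Dict, List, Optional, Tuple

# Ports iked must own for IPsec to negotiate: IKE (500) and NAT-T (4500).
IKE_PORTS = {500, 4500}
IKE_DAEMON = "iked"

# Assumed shape of a 'diagnose sys udpsock' line:
# "<laddr>:<lport>-><raddr>:<rport>-> ... process=<pid>/<name>"
LINE_RE = re.compile(
    r"^(?P<laddr>[\d.]+):(?P<lport>\d+)->(?P<raddr>[\d.]+):(?P<rport>\d+)->.*?"
    r"process=(?P<pid>\d+)/(?P<proc>\S+)"
)


def parse_udpsock(output: str) -> List[Tuple[int, int, str]]:
    """Return (local_port, pid, process_name) for every parseable socket line."""
    sockets = []
    for line in output.splitlines():
        m = LINE_RE.search(line.strip())
        if m:
            sockets.append((int(m.group("lport")), int(m.group("pid")), m.group("proc")))
    return sockets


def check_ike_ports(output: str) -> Dict[int, Optional[str]]:
    """Map each IKE port to 'pid/name' of the process bound to it (None if unbound)."""
    owners: Dict[int, Optional[str]] = {p: None for p in IKE_PORTS}
    for port, pid, proc in parse_udpsock(output):
        if port in IKE_PORTS:
            owners[port] = f"{pid}/{proc}"
    return owners


def ike_port_conflicts(output: str) -> List[str]:
    """Findings for ports not held by iked; an empty list means iked owns both."""
    findings = []
    for port, owner in sorted(check_ike_ports(output).items()):
        if owner is None:
            findings.append(f"udp/{port} is not bound by any process")
        elif owner.split("/", 1)[1] != IKE_DAEMON:
            findings.append(f"udp/{port} is held by {owner}, not {IKE_DAEMON}")
    return findings


# Constructed sample output (not captured from a real unit): hasync holds 4500.
SAMPLE = """\
0.0.0.0:53->0.0.0.0:0-> err=0 socktype=2 rma=0 wma=0 fma=0 tma=0 inode=1201 process=151/dnsproxy
0.0.0.0:500->0.0.0.0:0-> err=0 socktype=2 rma=0 wma=0 fma=0 tma=0 inode=1305 process=160/iked
0.0.0.0:4500->0.0.0.0:0-> err=0 socktype=2 rma=0 wma=0 fma=0 tma=0 inode=1310 process=175/hasync
"""

if __name__ == "__main__":
    for finding in ike_port_conflicts(SAMPLE) or ["udp/500 and udp/4500 are owned by iked"]:
        print(finding)
```

A port reported as held by another process explains the silent IKE debug: iked never receives the IKE or NAT-T packets.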


Possible workarounds:

  • Perform a failover to the slave unit if the FortiGate is part of an HA topology.
  • Reboot the affected FortiGate.


When the FortiGate is not affected by this scenario, UDP ports 500 and 4500 are assigned to the iked process:

[Figure: iked running correctly, holding ports 500 and 4500]