Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
jiyong
Staff
Staff

Created on ‎04-21-2025 08:24 AM Edited on ‎06-25-2025 03:10 AM By Moderator

Article Id 388417

Troubleshooting Tip: FortiSASE VPN connection timeout with VPN event log 'phase 1 negotiate failure'

Description This article describes account synchronization between different POPs.
Scope FortiSASE.
Solution

The primary PoP for FortiSASE instances is the Hong Kong PoP, and the secondary PoP is the Tokyo PoP. However, the clients cannot access FortiClient through the Tokyo PoP.


When the client accesses a new account to log in from FortiClient, the following log occurs:

 

FortiSASE VPN Event Log:


date=2025-04-17 time=01:54:42 id=7410004650160971802 itime="2025-04-17 01:54:41" euid=1583

epid=104 dsteuid=3 dstepid=3 logver=702086608 logid=0101037134 type="event" subtype="vpn"

level="notice" action="delete_phase1_sa" msg="delete IPsec phase 1 SA" logdesc="IPsec

phase 1 SA deleted" user="x.x.x.x" remip=x.x.x.x locip=x.x.x.x remport=50102 locport=4500

outintf="port4" cookies="fb05cf06eff4814d/1d1df9d1d6be59db" group="N/A"

xauthuser="test@fortinet.com" xauthgroup="N/A" vpntunnel="default-ipsec"

eventtime=1744854881872111285 tz="+0000" useralt="N/A" advpnsc=0 devid="FGVMPGTM3xxxxxxx"

vd="root" csf="xxxxxxxx" dtime="2025-04-17 01:54:42" itime_t=1744854881 devname="Tokyo_Japan"

 

date=2025-04-17 time=01:54:42 id=7410004650160971801 itime="2025-04-17 01:54:41"

euid=1583 epid=104 dsteuid=3 dstepid=3 logver=702086608 logid=0101037121 type="event"

subtype="vpn" level="error" action="negotiate" msg="negotiate IPsec phase 1"

logdesc="Negotiate IPsec phase 1" user="x.x.x.x" status="failure" remip=x.x.x.x

locip=x.x.x.x remport=50102 locport=4500 outintf="port4" cookies="fb05cf06eff4814d/1d1df9d1d6be59db"

group="N/A" xauthuser="test@fortinet.com" xauthgroup="N/A" vpntunnel="default-ipsec"

result="N/A" peer_notif="NOT-APPLICABLE" eventtime=1744854881872037029 tz="+0000"

useralt="N/A" advpnsc=0 devid="FGVMPGTM3xxxxxxx" vd="root" csf="xxxxxxxx"

dtime="2025-04-17 01:54:42" itime_t=1744854881 devname="Tokyo_Japan"

 

FortiClient Tray Message:

 

Timeout while connecting to turbo-xxxxx.xxxx.xxxx.fortisase.com

 

FortiClient VPN Error.txt:

 

[2025-04-17 01:54:42.9417247 UTC+09:00] [1572:11452] [FortiVPN 1945 error]

fortivpn::StateMachine::HandleTunnelConnectFailed session 1's () vpn connection failed

(reason: "Failed Unknown")
[2025-04-17 01:54:42.9436194 UTC+09:00] [1572:11452] [FortiVPN 2319 error] !!!

fortivpn::StateMachine::HandleTunnelDisconnected session 1 ()

"Secure Internet Access" disconnected unexpectedly!

 

When it was checked with the Fortinet Support Tool, it was checked only in the primary-pop and not in the other-pops.

 

Primary PoP: Hong Kong:


14747 edit "test@fortinet.com"
14748 set type password
14749 set email-to "test@fortinet.com"
14750 set passwd-time 2025-04-16 06:21:10
14751 set passwd ENC 4dqxMbkKR3Czc7YbGJkxfIlSW0P96fQCgJ/PCVMb7BJFG8Kk7rZumOLBYiENAM2ylE4cpOoH33R5x9yyKttpjw3OSir

3paIYqTtBAHUs9fcvEy5w1k4zP6QyBcyt4L+5+UvBDEjBObvAHSMZduWFKE2WDLmjRdvSGyzcTcbaABEzNgvHLq

7yUSS0l8Bjo+Qz/mkVjw==

 

Other PoPs: Tokyo, San Jose, etc.

  • It cannot be found the 'test@fortinet.com' account.
  • It should be uploaded to the corresponding FortiCare support ticket for further analysis by Fortinet’s Support team.
  • The issue is scheduled to be fixed in FortiOS versions 7.4.8, 7.6.4.

 

Labels:
692
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.