Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mahiragil
New Contributor

Two Fortigates experience no traffic passing to remote P2P VPN

I have two separate data centers running FG pairs, a 101 and 201. One is running 6.2 and the other is running 6.4. Running 20-30 VPN tunnels on each set. I am seeing issues with only 1 remote VPN on each Fortigate, one a Meraki and one a Sonicwall. VPNs have been running over a year clean.

The VPN in question is up on both phases. I see traffic coming in from the remote site, but the application is not recognizing the traffic(running tcpdump on the application server, i see traffic hitting the correct port.) I am unable to ping/access the other side of the VPN. Packet captures on the VPN interface show traffic leaving the Fortigates, but the other party does not see it. Since packet captures are showing traffic leaving the Fortigates, blame is placed on the remote VPN via support. I can't really place blame on the other VPN, since the exact same behavior is seen on two different firewalls, running two different firmwares, in two separate data centers. VPNs have been rebuilt on the remote side with no difference in behavior.

Anyone seen this behavior before?

1 REPLY 1
Toshi_Esumi
Esteemed Contributor II

You wrote "the exact same behavior is seen on two different firewalls". What exactly did you mean? Is the traffic over the tunnel, ex. ping packets, from the server behind the FGT showing up on Meraki and Sonicwall side? And ping responses from the destinations are leaving those FWs into the tunnel?

 

Toshi