Fortinet Forum
CodeTron
New Contributor

VPN DPD

Hi,


I have set up an IPSec VPN connection using the wizard on my 90E firewall. I checked the settings and all seem to be valid. Now the problem is that whenever I connect from the Fortinet client with the DPD option checked, the connection gets established and then immediately drops; if I go back and uncheck DPD, everything works fine!

Now some may say that I have a bad line or that the connection has noise or something, but the same connection was working on a Juniper firewall with no problem, and the line is crystal clean.

Any thoughts on this? Also, is it OK to disable DPD in terms of security? What are the implications of turning it off?


Thanks

dominikw
New Contributor

DPD verification sends encrypted IKE Phase 1 notification payloads (R-U-THERE messages) to a peer and waits for DPD acknowledgements (R-U-THERE-ACK messages) from the second site. Those messages are sent if it has not received any traffic during a DPD interval.

If the device does not receive a DPD message during the interval, it considers the peer dead and then removes the Phase 1 security association (SA) and all Phase 2 SAs.


Check time synchronization/settings at the FG and FortiClient.

Maybe disabling DPD is not best practice, but I think you can run your VPNs without DPD checks and it will not be an issue.

Dominik Weglarz, IT System Engineer
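The liveness logic the reply describes (silence for one DPD interval triggers an R-U-THERE, an R-U-THERE-ACK or any other traffic from the peer resets the timer, and enough unanswered probes cause the Phase 1 and Phase 2 SAs to be deleted) is easy to see as a small state machine. The following Python model is an added example and is not FortiOS, FortiClient or forum code; the interval, retry interval and retry count are assumed illustrative values, not any product's defaults, and the event replay is constructed inline. The "silent peer" scenario is the failure mode in the question: the tunnel comes up, no acknowledgement ever comes back, and the SAs are torn down after the retries are exhausted.

```python
"""Hypothetical model of IKEv1 Dead Peer Detection (RFC 3706 style) liveness.

This is an added illustration, not vendor code. Times are seconds; values
for interval / retry_interval / retry_count are assumed for the example.
"""


class DpdMonitor:
    def __init__(self, interval=10.0, retry_interval=5.0, retry_count=3):
        self.interval = interval              # idle time before the first R-U-THERE
        self.retry_interval = retry_interval  # gap between retransmitted probes
        self.retry_count = retry_count        # unanswered probes tolerated
        self.outstanding = 0                  # probes sent with no ACK yet
        self.next_probe_at = interval         # tunnel came up at t=0
        self.state = "up"                     # "up" or "deleted"
        self.log = []                         # (time, event) for inspection

    def on_traffic(self, now):
        """Any authenticated traffic from the peer proves it is alive."""
        self.outstanding = 0
        self.next_probe_at = now + self.interval

    def on_ack(self, now):
        """An R-U-THERE-ACK is just liveness evidence, so it resets the timer too."""
        self.log.append((now, "R-U-THERE-ACK"))
        self.on_traffic(now)

    def tick(self, now):
        """Advance the clock; send a probe or tear down the SAs when due."""
        if self.state != "up" or now < self.next_probe_at:
            return self.state
        if self.outstanding >= self.retry_count:
            # Peer never answered: drop Phase 1 SA and every Phase 2 SA under it.
            self.state = "deleted"
            self.log.append((now, "DELETE phase1+phase2 SAs"))
            return self.state
        self.outstanding += 1
        self.log.append((now, f"R-U-THERE #{self.outstanding}"))
        self.next_probe_at = now + self.retry_interval
        return self.state


def simulate(events, **cfg):
    """Replay (time, kind) events; kind is 'tick', 'traffic' or 'ack'."""
    m = DpdMonitor(**cfg)
    for now, kind in sorted(events):
        if kind == "tick":
            m.tick(now)
        elif kind == "traffic":
            m.on_traffic(now)
        elif kind == "ack":
            m.on_ack(now)
        else:
            raise ValueError(f"unknown event {kind!r}")
    return m


def probe_times(m):
    return [t for t, e in m.log if e.startswith("R-U-THERE #")]


def sa_deleted_at(m):
    return next((t for t, e in m.log if e.startswith("DELETE")), None)


def silent_peer():
    """Constructed scenario: peer never sends traffic or ACKs (the question's case)."""
    ticks = [(float(t), "tick") for t in range(0, 41)]
    return simulate(ticks)


def responsive_peer():
    """Constructed scenario: peer ACKs every probe roughly half a second later."""
    ticks = [(float(t), "tick") for t in range(0, 41)]
    acks = [(10.5, "ack"), (21.5, "ack"), (32.5, "ack")]
    return simulate(ticks + acks)


if __name__ == "__main__":
    for name, m in (("silent", silent_peer()), ("responsive", responsive_peer())):
        print(name, m.state, "probes at", probe_times(m), "deleted at", sa_deleted_at(m))
```

With these assumed values the silent peer gets probes at 10, 15 and 20 seconds and loses its SAs at 25, while the responsive peer stays up indefinitely because each ACK pushes the next probe out by a full interval. When only one side has DPD enabled, or the probes and acknowledgements are not getting through, the tunnel shows exactly the establish-then-drop pattern from the question, which is worth checking before concluding the link itself is at fault.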