I recently installed 60F at one of our Branch sites and running IPsec tunnels back to HQ.
We have 2 honeywell controllers for Builing management that runs the BACnet protocol and these seem to have stopped working over the VPN. These had been working fine over our Cisco DMVPN setup before installing the 60F.
We can ping the 2 BACnet controllers fine but not receiving data from them. I have correct rules in place and removed any security profiles on rules.
I thought it could have the MTU vaulue being too high but its lower than the value we have on the previous tunnels.
Also to note, these did work for a period of days over the FGT but was flaky until 7.0.9 installed and now nothing!
Getting a bit of heat from Management to get this resolved ASAP.
Anyone came across any BACnet issues like this before?
Cheers
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi, When traffic is active it pass to the correct policy? What you see in Log forward?
Use, in cli, the debug Flow and see what are the operation executed from fortigate from your problematic source:
diagnose debug disable diagnose debug flow trace stop diagnose debug flow filter clear diagnose debug reset diagnose debug flow filter addr [IP] diagnose debug flow show console enable diagnose debug flow show function-name enable diagnose debug console timestamp enable diagnose debug flow trace start 999 diagnose debug enable
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1640 | |
1066 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.