Hey guys,
So I have a site-to-site setup between a 200B and 30E. The spoke site using a 30E with 5.6.4 is configured with DDNS and the hub site using a 200B with 5.2.8 is configured to receive the DDNS name site.fortiddns.com. After configuring the 30E in my lab and establishing the tunnel everything works as expected.
When I break down the 30E and ship it out, it takes over 20m to establish the tunnel. I initially saw this as a problem running 5.4.6 on the 30E so upgraded to 5.6.4, but it didn't help speed anything up. What I suspect is happening is that the 30E is sending its updates to fortiddns.com. The 200B is taking its sweet time to update the name in Phase 1, which I suspect is the issue.
I do have a ticket open with Fortinet but it takes forever to get responses back. Does anyone have experience with this and is able to offer suggestions to speed up the 200B side?
Thanks in advance!
Bret
(BUMP)
I have been using DynDNS forever and have never had a lag in resolution on my tunnels. Now, I have never moved my device (FWF80CM). Once set up it has been rock solid. If this unit is going to be moved often, I would force a refresh on the hub side by changing the peer name on the tunnel then changing it back. This will force a DNS lookup and alleviate any hesitation establishing the tunnel.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thanks for the info RW! I agree DDNS runs rock solid once rolled out. When you're working with remote clients plugging new equipment in and it doesn't come up after a couple minutes, I think we all tend to worry if something is wrong. When we saw a 20 minute lag to get the tunnel up it showed cause for concern. In the end it did come up.
That is a good tip, changing the peer name to refresh it, and it was a thought we considered. We wanted to make it more automated and were not sure if a configuration change could help automate the DDNS update at the hub.
Have a great weekend!