What happens here is that our S2S goes down from time to time , if there is no traffic or after specific amount of time , and goes UP under two conditions:
1- If I manually bring it up.
2- If there is a traffic.
How can make it all the time up?
I'm running FGT1000D v.5.6.11
The other side is Checkpoint - not managing it and absolutely will not
And here is my p1+p2 conf:
edit "My_Customer_1" set type static set interface "Cust-1-WAN" set ip-version 4 set ike-version 2 set local-gw 0.0.0.0 set keylife 86400 set authmethod psk unset authmethod-remote set peertype any set passive-mode disable set exchange-interface-ip disable set mode-cfg disable set proposal aes256-sha1 set localid '' set localid-type auto set auto-negotiate enable set negotiate-timeout 30 set fragmentation enable set dpd on-idle set forticlient-enforcement disable set comments '' set npu-offload enable set dhgrp 2 set suite-b disable set eap disable set wizard-type custom set reauth disable set idle-timeout disable set ha-sync-esp-seqno enable set auto-discovery-sender disable set auto-discovery-receiver disable set auto-discovery-forwarder disable set encapsulation none set nattraversal enable set fragmentation-mtu 1200 set childless-ike disable set rekey enable set remote-gw 188.8.131.52 set monitor '' set add-gw-route disable set psksecret ENC set keepalive 10 set dpd-retrycount 3 set dpd-retryinterval 20 next
set phase1name "My_Customer_1" set proposal aes128-sha1 aes256-sha1 3des-sha1 aes128-sha256 aes256-sha256 3des-sha256 set pfs disable set replay disable set auto-negotiate enable set auto-discovery-sender phase1 set auto-discovery-forwarder phase1 set keylife-type seconds set encapsulation tunnel-mode set comments '' set protocol 0 set src-addr-type subnet set src-port 0 set dst-addr-type subnet set dst-port 0 set keylifeseconds 43200 set src-subnet 172.26.134.96 255.255.255.240 set dst-subnet 172.22.0.0 255.255.0.0
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.