We encountered an issue with site-to-site VPN to Azure Virtual WAN using FG301e.
VPN can be established without any issue, but it is disconnected frequently.
In the Azure-side VPN log, the reason for disconnection is DPD timeout.
I put an L2 switch between the FG301e and the ISP router and captured packets, and found that DPD packets arrived at the FG301e (at least at the L2 switch) but the FG301e did not respond to them. (The FG301e responds to DPD packets most of the time, but it suddenly stops responding for 10-30 secs and Azure detects a DPD timeout.)
In the FG301e IKE debug log, there were no logs of the DPD packets which must have arrived at it.
We replaced the UTP cable and the FG301e unit, but the situation did not change.
We have more than 20 Fortigate firewalls and the 301e is used only at this site. Other models (not 301e) are working with no issue.
Some of the VPN settings are as follows.
NAT-T: disabled
DPD: On-demand
Auto-nego: Enabled
Phase2 selector: 0.0.0.0/0 (for both local/remote)
Has anyone experienced a similar problem like this?
Any suggestions appreciated.
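The capture check described in the post above can be automated. The following is an added example, not part of the original post: it scans IKE packets taken at the switch and reports liveness (DPD) requests the firewall never answered. It assumes IKEv2 (the post does not state the IKE version) and UDP/500 payloads without a NAT-T marker, matching the posted "NAT-T: disabled" setting; the IP addresses and packets are constructed.

```python
import struct

IKE_HDR = struct.Struct("!8s8sBBBBII")  # RFC 7296 sec. 3.1 fixed header, 28 bytes
INFORMATIONAL = 37                      # IKEv2 exchange type carrying liveness checks
FLAG_RESPONSE = 0x20                    # R bit in the flags field

def parse_ike(payload):
    """Return (spi_pair, exchange_type, is_response, message_id), or None if not IKEv2."""
    if len(payload) < IKE_HDR.size:
        return None
    spi_i, spi_r, _nxt, ver, exch, flags, msg_id, length = IKE_HDR.unpack_from(payload)
    if ver >> 4 != 2 or length < IKE_HDR.size:
        return None
    return (spi_i, spi_r), exch, bool(flags & FLAG_RESPONSE), msg_id

def unanswered_liveness(packets, local_ip, timeout=5.0):
    """packets: (timestamp, src_ip, udp_payload) tuples in capture order.
    Returns [(first_request_time, message_id)] for INFORMATIONAL requests from
    the peer that local_ip did not answer within `timeout` seconds (assumed value)."""
    pending, missed = {}, []
    for ts, src, payload in packets:
        hdr = parse_ike(payload)
        if hdr is None or hdr[1] != INFORMATIONAL:
            continue
        spis, _exch, is_resp, msg_id = hdr
        key = (spis, msg_id)
        if not is_resp and src != local_ip:
            pending.setdefault(key, ts)        # retransmits keep the first timestamp
        elif is_resp and src == local_ip:
            sent = pending.pop(key, None)
            if sent is not None and ts - sent > timeout:
                missed.append((sent, msg_id))  # answered, but too late
    # Requests still open when the capture ends are reported as unanswered.
    missed.extend((ts, mid) for (_spis, mid), ts in pending.items())
    return sorted(missed)

def make_msg(msg_id, response):
    """Build a constructed IKEv2 INFORMATIONAL message (header plus dummy body)."""
    flags = FLAG_RESPONSE if response else 0
    hdr = IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8, 46, 0x20, INFORMATIONAL, flags, msg_id, 60)
    return hdr + b"\x00" * 32

AZURE, FGT = "203.0.113.10", "198.51.100.20"   # constructed documentation addresses
SAMPLE = [                                     # constructed capture, not real traffic
    (0.00, AZURE, make_msg(7, False)), (0.02, FGT, make_msg(7, True)),
    (10.0, AZURE, make_msg(8, False)), (12.0, AZURE, make_msg(8, False)),
    (16.0, AZURE, make_msg(8, False)),
    (40.0, AZURE, make_msg(9, False)), (40.01, FGT, make_msg(9, True)),
]

if __name__ == "__main__":
    print(unanswered_liveness(SAMPLE, FGT))
```

Comparing the reported timestamps with the IKE debug log shows whether each missed request was ever seen by the IKE daemon.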
Hi,
Could you try enabling DPD always-on instead of on-demand, as this will send DPD packets more frequently and may help detect and recover from connectivity issues more quickly.
Also, check the FortiGate's system logs to see if there are any errors or warnings related to the VPN connection or network connectivity.