I have had many site-to-site IPsec tunnels working fine for several years until I upgraded to FortiOS 7.4.2. Shortly afterward, my tunnels began dropping connections on random Phase 2 connections. I have had to bring down the phases or entire tunnel to get traffic flowing again many times. I opened a ticket with Fortinet and had three technicians working with me at various times but none found a solution.
I finally downgraded to 7.4.1 and all my problems went away. There is obviously a bug in 7.4.2 and I hope Fortinet finds and acknowledges it and fixes it for the next release.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The ticket # is 9166522 downgraded to 7.4.1.
Currently waiting for support. 7.43 definitely did not fix the IPsec tunnel issue.
Please welcome Orestis from Fortinet. He is stuck because I cannot provide him with logs (forced to downgrade). Maybe someone can provide logs?
Orestis suggest that we upgrade and trigger the issue to be able to get logs. I am not keen, we need the tunnels UP. Any volunteer?
The next suggestion is to wait for next version.
I do not feel like we are getting support, especially since it is not still acknowledged it is a bug......
Here is the answer:
Hello team
I followed up with the suggested link but without logs I cannot open an engineering report or confirm that this is a bug
I believe that you facing a problem but if we cannot investigate further we cannot specify what the issue is
in this case either create a maintenance window and update and provide us the logs to investigate or wait for the next version
Best regards
Orestis
Thanks for your feedback. Could you share your configuration file with me? I will try reproducing it and file a bug internally to let Dev investigate the cause.
My email is: kmliu@fortinet.com, you could upload the configuration to the ticket or send it to me directly, thank you so much.
Thanks
Kangming
I cannot spend any more time helping Fortinet Support troubleshoot this issue. I gave them five days of my time and many logs, remote sessions, etc. The first two technicians changed how my IPsec VPNs operated, and the third tech said the changes they made were wrong and needed to be reversed to the original settings. None of the changes they made helped at all.
I will be waiting to see if they admit it is a bug and say it is fixed.
Hi andybarker,
Can you share the output of this command?
#get sys status
License Status: Low-Encryption(LENC) ----------------------->
---> FortiOS: 7.4.2
If you match this result, may have matched a known bug.
Thanks
Kangming
I just checked on both of my firewall (200F and 100F), I don't have that License Status line at all. I have the same bug and stuck on 7.4.3 for the vulnerability fixes.
Created on 02-22-2024 11:04 AM Edited on 02-22-2024 11:06 AM
Thanks for your feedback. This should be another problem, but there is no internal bug record yet. Can you share your configuration file with me? I will try reproducing it and file a bug internally to let Dev investigate the cause.
My email is: kmliu@fortinet.com, you could upload the configuration to the ticket or send it to me directly, thank you so much.
Thanks
Kangming
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1082 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.