Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
andybarker
New Contributor II

FortiOS 7.4.2 Bug Causes IPsec VPN Tunnel Phase 2 Instability

I have had many site-to-site IPsec tunnels working fine for several years until I upgraded to FortiOS 7.4.2. Shortly afterward, my tunnels began dropping connections on random Phase 2 connections. I have had to bring down the phases or entire tunnel to get traffic flowing again many times. I opened a ticket with Fortinet and had three technicians working with me at various times but none found a solution.

 

I finally downgraded to 7.4.1 and all my problems went away. There is obviously a bug in 7.4.2 and I hope Fortinet finds and acknowledges it and fixes it for the next release.

64 REPLIES 64
Kangming

It sounds like you have another issue. When there are multiple phase 2, is it normal to only have the traffic of the first phase 2? Other phase 2 unable to pass traffic successfully? Or is there no phase 2 established? Is there some debug information? Can you share your configuration file?

FortiGate # diagnose debug application ike -1

FortiGate # diagnose debug enable


# diagnose sniffer packet any "host x.x.x.x" 4 0 l

Thanks

Kangming

aguerriero

TAC said 7.2.8 is supposed to be released on March 11th and addresses the 7.2.7 known issue with ipsec performance. That was the only reason we upgraded to 7.4.3 over 7.2.7 in the first place.

I will wait for that version.

Kangming

Could you share ticket id? Thanks.

Thanks

Kangming

aguerriero

9296054

aguerriero

TAC now says the 14th.

ddiez
New Contributor III

Let's hope so

KuC
KuC
itmega
New Contributor

Same problem here after upgrade from 7.2.5 to 7.4.3 (build 2573) ! when the next version for 7.4 will be available ?

SectorSheidl
New Contributor

I appear to be seeing the same problem on 7.0.14 on a 90G.

minheplus
New Contributor

Same problem here after upgrade from 7.4.1 to 7.4.3 (build 2573) on 401F ! when the next version for 7.4 will be available ?

BillH_FTNT

Hi @minheplus ,

What is your error output ? Can you share it here ? 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors