FortiOS 7.4.2 Bug Causes IPsec VPN Tunnel Phase 2 Instability
I have had many site-to-site IPsec tunnels working fine for several years until I upgraded to FortiOS 7.4.2. Shortly afterward, my tunnels began dropping connections on random Phase 2 connections. I have had to bring down the phases or entire tunnel to get traffic flowing again many times. I opened a ticket with Fortinet and had three technicians working with me at various times but none found a solution.
I finally downgraded to 7.4.1 and all my problems went away. There is obviously a bug in 7.4.2 and I hope Fortinet finds and acknowledges it and fixes it for the next release.
Update 7.6.0 is available, has anyone updated it yet? In the documentation they reported that they resolved the bug.
1003830 | IPsec VPN tunnel phase 2 instability after upgrading to 7.4.2 on the NP6xlite platform. |
Cluster update to 7.6.0 last week - since then short interruption for all services (HTTP, SMTP, SSH, ...) behind simple firewall rules. After reboot of one device - HA out of sync with problems in read-only profiles.
Support Ticket note: 7.6 is a point zero release, which we do not recommend for production environments. I suggest considering a rollback to the previously working version.
After downgrade to 7.4.4 everything went back to "normal" - with the known issues :(
From my point of view 7.6.0 is unusable.
Please try the latest 7.2.9GA and 7.4.4GA, which should include this fix (bug ID #950445). 7.0.16GA will include this bug in the next release; currently, 7.0.15GA still has the problem.
Thanks
Kangming
Hey. Does version 7.4.5 (Mature) have the same problem? I'm still sitting on 7.4.1 and I'm wondering whether to upgrade to the newer one.
Best regards.
I haven't been able to move to 7.4.5 because it breaks my Duo RADIUS 2FA.
I got hit with that on 7.2.10, but was able to update the FortiAuthenticator to 6.6.2, which supports the message authenticator AVP.
Duo just released 6.4.2 yesterday and you can add the message authenticator to Duo now.
Thanks, aguerriero, I just installed 6.4.2 and can confirm that it's working for me. Now we'll get the rest of the firewalls updated.
I have the same problem on 7.4.5, but with only a single phase 2 selector. All other phase 2 selectors are okay. The issue does not occur if I uncheck "Auto-negotiate" on the phase 2 connector.
Same here. The issue is *NOT* fixed. The issue happens infrequently on the phase 2 that has the largest amount of traffic.