Hello,
I am experiencing a strange issue with FortiClient VPN 7.4 and FortiGate 7.6
I've configured an IPSec Dialup server on specific public IP using certificates + xauth + no split tunnel (using aggressive mode).
Connection is fine and works as expected, but when I click on Disconnect (on client side), I got the disconnection on client but on fortigate connection is still shown as ACTIVE until dpd kill it. I checked on client side using wireshark but cannot see any packet going out when clicking on disconnect.
Is this the right behavious or I missed something?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hello
please refer to the document related to Dead Peer Detection (DPD)
If there is incoming data traffic on ANY phase 2 selector from the IKE peer, FortiGate WILL NOT send DPD_R_U_THERE under any circumstance.
If phase1 configuration has 'set dpd on-idle': FortiGate will send DPD_R_U_THERE if it does not receive any IPsec (data) traffic from the remote peer. If multiple IPsec (phase 2) selectors are configured but only one has incoming data traffic, no DPD will be sent. If no IPsec SA is available, FortiGate WILL send DPD.
If phase1 configuration has 'set dpd on-demand': This is the default configuration. The behavior is like DPD 'idle', but with the additional requirement that FortiGate will only send the DPD_R_U_THERE if it has also sent data traffic over the IPsec tunnel during the previous DPD interval.
The device does not check whether the incoming traffic is related to the outgoing traffic. If there is incoming traffic on one phase2 selector and outgoing on another, FortiGate WILL NOT send DPD_R_U_THERE. If no phase2 selector is available, FortiGate WILL NOT send DPD.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1593 | |
1045 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.