Hello, I have this problem with my FortiGate 100E v5.6.13: it sees VPNs as up in static routes when in reality the VPN is down, and that causes some problems because that route is always active, forwarding traffic to that VPN when it's down.
So is this a bug, or is there a configuration that I am not aware of that changes the status?
Thank you very much for your help, really appreciate it!
In your config I see it is a dial-up IPsec.
In fact there is an issue in FortiOS: routing and also SD-WAN seem not to be able to correctly detect the status of a dial-up IPsec by default. This had me running into the same issue. Up to now TAC have not acknowledged this being a bug. The community, however, pointed me to a workaround that seems to work here. I disabled the add-route and create-net-device on the tunnel. Since then it seems to work correctly.
I think that is due to the fact that in the default setting IPsec creates a dedicated virtual interface for each dial-up connection, which routing and SD-WAN cannot handle. They just check the base interface.
If you disable create-net-device, it no longer does that.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams