Adrian_RN
New Contributor

FortiGate static routes up with VPN down

Hello, I have this problem with my FortiGate 100E v5.6.13 that sees VPNs up in static routes when in reality the VPN is down, and that causes some problems because that route is always active, forwarding traffic to that VPN when it's down.

So can this be a bug, or is there a configuration that I am not aware of that changes the status?
Thank you very much for your help, really appreciate it!

1 REPLY 1
sw2090
Honored Contributor

In your config I see it is a dial-up IPsec.

In fact there is an issue in FortiOS: routing and also SD-WAN seem not to be able to correctly detect the status of a dial-up IPsec by default. This had me running into the same issue. Up to now TAC have not acknowledged this being a bug. The community, however, pointed me to a workaround that seems to work here. I disabled the add-route and create-net-device on the tunnel. Since then it seems to work correctly.

I think that is due to the fact that in the default setting the IPsec creates a dedicated virtual interface for each dial-up connection, which routing and SD-WAN cannot handle. They just check the base interface.

If you disable create-net-device it no longer does that.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
