FortiGate static routes up with VPN down
Hello, I have this problem with my FortiGate 100E v5.6.13: it sees VPNs as up in static routes when in reality the VPN is down, and that causes some problems because that route is always active, forwarding traffic to that VPN when it's down.
So can this be a bug, or is there a configuration that I am not aware of that changes the status?
Thank you very much for your help, I really appreciate it!
In your config I see it is a dial-up IPsec.
In fact there is an issue in FortiOS: routing and also SD-WAN seem not to be able to correctly detect the status of a dial-up IPsec by default. This had me running into the same issue. Up to now TAC have not acknowledged this being a bug. The community, however, pointed me to a workaround that seems to work here. I disabled the add-route and create-net-device on the tunnel. Since then it seems to work correctly.
I think that is due to the fact that in the default setting the IPsec creates a dedicated virtual interface for each dial-up connection, which routing and SD-WAN cannot handle. They just check the base interface.
If you disable create-net-device it no longer does that.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
