Dear All.
We've encountered packet drop issues on the IPsec VPN tunnel between our FortiGate and AWS after the upgrade to FortiOS v7.4.3. Disabling the 'NPU Offload' has alleviated some of the packet loss problems, but we're still experiencing frequent packet loss, averaging around 5-6%.
In order to address this persisting issue, could you please provide some solutions or recommendations for resolving it?
With regards,
Bhaskar Rao
Hi @bhaskarrao,
Did you try disabling 'replay detection'? There is a known issue with bug ID 1003830. Please refer to https://docs.fortinet.com/document/fortigate/7.4.3/fortios-release-notes/236526/known-issues
Regards,
We did disable that option in phase-2, but unfortunately, the issue persists unchanged. We haven't seen any improvement despite our efforts.
Is there any other workaround to fix this issue?
Do you have multiple tunnels going to AWS or just one? You can take packet captures on both sides to see where the packets are lost.
Regards,
Just adding that this still has not been fixed in 7.4.4.
Hello,
What model is your FGT device?
Is the tunnel between physical FGT and FGT located in AWS?
Are any logs being generated on the end devices, such as ESP packet errors or HMAC validation errors, that coincide with the drops you experience?
If the device is an F-series FGT, disabling offloading and replay detection should resolve the issue.
Created on 05-16-2024 08:30 PM Edited on 05-16-2024 08:50 PM
Hi,
The FGT model is 500E and the IPsec VPN tunnel is between the FGT and AWS.
We tried disabling offloading and replay detection, but the issue remains the same.
Please find the log file for your reference.
Hi,
The FGT model is 500E and the IPsec VPN tunnel is between the FGT and AWS. We have tried disabling offloading and replay detection, but the issue remains the same.
Please find the log for your reference.