Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Philippe
New Contributor

INCOMING CONNECTION, VIP ,IPSEC problem

We’re having a problem with our Incoming connections on the fortigate. So we’ve a couple of VIP’s and ipsec tunnels Suddenly https/ssh/.... traffic to a server with a vip and port forwarding the traffic drops. Also mgmt actions on the web gui of the fortigate using ipsec tunnel suddenly doesn’t work anymore. We’ve openend a ticket 4weeks ago with fortinet What we see is “”no session match” in the debug flow. They think it’s the npu unit of the fortigate with a bug. I downgrade in a couple steps from 6.2.3 to 6.0.5 without succes. So we think it’s a worng setting ... someone that can help us?
1 REPLY 1
Dave_Hall
Honored Contributor

Sounds like the regular administration access ports may need to be changed if they conflict or interference with any of the ports on your VIP/IPSec tunnels. 

 

From the CLI, you can check/set the management port access as follows:

 

config system global   set admin-idle-timeout <integer>   set port-http <integer>   set port-https <integer>   set port-ssh <integer>   set port-telnet <integer> end As for the interface admin access setting (mgmt as an example):

 

config system interface     edit "mgmt"         set allowaccess ping https ssh http fgfm     next end

And from the GUI:

 

 

 

 

 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors