Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

IPSEC Tunnel Auto Restart

One of my customers is running an IPSEC tunnel between their FG and a vendor's system.  I do not know what the remote side is running.  Starting last week, the tunnel has been dropping for unknown reasons.  Neither of us shows a reason in our logs.  I haven't gotten beyond teir 1 on their end but that person chats with 2 or 3.  It was a worthless call.  Our side simply reports phase 2 down.  It may come back up on its own within a few hours or it may stay down until one of us restarts it.  After the phase 2 down message, there are no failure messages between there and the restart.  I suspect Spectrum may be having issues and causing the drop but can't prove anything yet.  All I have to do is hit bring up and it immediately comes back up.  There's no issue to troubleshoot.  But here's what I really need:  Why doesn't the tunnel immediately try to come back up on its own?  How do I get it to begin to renegotiate as soon as it detects it went down?  I'm running 5.6.13.  

New Contributor



You need to set the auto negotiation in phase 2 to bring up the vpn connection automatically.


For your reference:






After typing 'end' in that command set, I get the following:


node_check_object fail! for phase1name is empty.
Attribute 'phase1name' MUST be set.
Command fail. Return code -56


I haven't found exactly how I'm supposed to get the phase 1 name in this config.

If I do:

   config vpn ipsec phase2

   edit myPhase2Name

   set phase1name myPhase1Name

I'm greeted by the following:

entry not found in datasource
value parse error before 'myPhase1Name'
Command fail. Return code -3


I'm assuming the phase 1 name is the same as the VPN name in the GUI. 




Valued Contributor

you probably want to start with


config vpn ipsec phase2-interface


so add -interface


if you aren't using interface based VPNs try looking at using those, it is the default and works fine in almost all cases.

Top Kudoed Authors