IPSEC Tunnel goes down after scheduled Fortiguard update

DirkDuesentrieb · ‎05-07-2024

Hi,

we are having a strange VPN problem with one IPSEC tunnel of a remote site. All other sites work fine. But this 200F sometimes looses VPN connectivity directly after a scheduled FortiGuard update. This can be seen in the sites eventlog, where the FAZ connection through the tunnel is lost seconds after the update message. The phase2 seems to be broken at that time and the tunnel finally recovers after more than an hour and the FAZ is reachable again.

There is nothing special at this site and all gatways use the same FOS7.0.15.
Have you seen this or have any ideas?

Regards,

Dirk

hbac · ‎05-07-2024

Hi @DirkDuesentrieb,

Have you seen high CPU/Memory at that time? You can run this command 'di deb crashlog read' to see if there was any crash.

Regards,

DirkDuesentrieb · ‎05-07-2024

Hi @hbac
the central SNMP monitoring has a gap during that time, because it needs the tunnel to poll data, so I need to improvise here.
- The local eventlog writes perfmon data every 5 minutes; all with "CPU: 0".
- The "Memory"-widget shows data of the last 24 hours and has no peaks

I found a dump of the dhcpd in the crashlog, but this is unrelated to the event.

Dirk

IPSEC Tunnel goes down after scheduled Fortiguard update

Nominate a Forum Post for Knowledge Article Creation