Hi All,
Recently replaced our Juniper firewall with a FortiGate 30E at one of my sites. I am encountering a peculiar problem with the FortiGate 30E firewall's IPSEC VPN tunnel. The WAN internet link is connected via PPPoE.
There is an IPSEC VPN tunnel between the 30E and a 200D. Every 2-5 days the tunnel goes down by itself and cannot be brought up automatically or manually via the GUI or CLI. The internet is working fine and still accessible during the IPSEC VPN tunnel failure. I have to reboot the 30E FortiGate, and immediately the IPSEC tunnel recovers and comes up by itself.
The 200D is connected by multiple IPSEC VPNs to various sites; all IPSEC VPN tunnels are working without issue except the IPSEC VPN to the 30E.
Prior to the replacement with the FortiGate 30E, we were already using the IPSEC VPN created using the Juniper firewall to the 200D, and the connection was stable.
To isolate a firmware compatibility issue, I have also created two additional IPSEC VPN tunnels.
A. 30E to 60D (Same firmware 5.4.1)
B. 30E to 90E
Therefore in total there are 3 IPSEC VPN tunnels: A: 30E to 60D, B: 30E to 90E and C: 30E to 200D.
Strangely, when the IPSEC VPN tunnels go down, sometimes one or two are unable to come up by themselves, whereas the remaining tunnel is able to come up by itself.
Case 1 example:
A. 30E to 60D (down, unable to bring up), B. 30E to 90E (up by itself), C. 30E to 200D (down, unable to bring up).
I have to reboot the FortiGate 30E and immediately all the IPSEC tunnels (down) come up.
Case 2 example:
All 3 IPSEC VPNs go down and cannot be brought up. A reboot is required on the 30E to get the IPSEC VPN tunnels to come up.
This issue has been reported to TA and has still been pending for 1 month.
Has anyone encountered the same issue before? I would appreciate it if anyone can shed some light on this.
Thank you
Not an intelligent answer, but in the past we had an FWF60D at one of our own offices with PPPoE over fiber. It's running a main mode IPSec to our 1500D for our MPLS connection. We started with 5.2.3, I think, and kept upgrading over a couple of years because it dropped the internet from time to time. Almost every time we upgraded it, the occurrences became fewer than with the previous version. Then, after we upgraded it to 5.4.4 earlier this year, we stopped getting complaints from the location. Generally I don't recommend 5.4.1. When you consider upgrading it, please check the release notes of the target version and check backward toward 5.4.1 to verify the upgrade path and any special instructions. I'm not sure about the 30E, but I remember 5.4.1 required a flush when upgrading it to a higher version.
Very weird problem. I have two units running on 5.4.1 (IPSEC VPN) to my 5.01 firmware with no such issue.
Only the 30E unit is causing problems.
Has anyone encountered such a problem? Please let me know.
Hi. Are all your tunnels site to site? Or is it hub and spoke?
We had a similar issue with our environment. The solution there was to upgrade to 5.4.5 or higher. Our configuration was Hub/Spoke.