IPSEC tunnel flaps every 2 - 3 minutes
Deploying my 6th Fortinet 60E - going not bad. The tunnel on this one flaps every 2 minutes or so. It's a route based VPN with a tunnel interface.
Link monitor: Interface TUNNEL1 was turned down
then a second or so later
Link monitor: Interface TUNNEL1 was turned up
Tunnel is between the 60E and a Juniper SSG550M. All the other Fortinets are fine so far.
Dead Peer Detection is turned off
How do I figure out WHY the firewall is turning the VPN tunnel down? I'm at a loss why the other 5 work absolutely fine and this one doesn't. The firmware versions are the same and I use the same configuration file for each one of them.
Is it possible this unit is defective? It has the latest firmware.
The issue occurs on either the WWAN port or the WAN1 port . . .
I have been testing also connecting to the firewall from the external IP - I seem to lose connection that way too, not over VPN, just for a second or two every couple minutes.
You can do a hardware test to confirm if the device is defective by running the following command via the CLI:
diagnose hardware test suite all
Have you checked to make sure the network/wan link the 60E is using is not the problem?
Yes, I've tried two different links (one cable, one LTE modem), both have the exact same issue but only with this particular device.
Hi,
Were you able to resolve this?
I am having the exact same issue with FortiGate on AWS and Juniper SSG550.
I had something like that too:
tunnels did not respond but on FGT were not shown as down.
It turned out they were not down but the FGT does somewhat suspend the tunnel when there is no traffic on it by default.
Turning on some keep alive feature (I'd have to look it up again if you need it) stopped this.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
In my case, the tunnel is seen as down in the VPN monitor, and in the VPN events log, you can see messages every couple of minutes that the interface is down/up.
If you can find what solved it for you, it could be helpful, thanks.
....also make sure that the key lifetime is not too long.