atsak
New Contributor III

IPSEC tunnel flaps every 2 - 3 minutes

Deploying my 6th Fortinet 60E - going not bad. The tunnel on this one flaps every 2 minutes or so. It's a route-based VPN with a tunnel interface.

 

Link monitor: Interface TUNNEL1 was turned down

then a second or so later

Link monitor:  Interface TUNNEL1 was turned up

 

Tunnel is between the 60E and a Juniper SSG550M. All the other Fortinets are fine so far.

 

Dead Peer Detection is turned off

 

How do I figure out WHY the firewall is turning the VPN tunnel down? I'm at a loss why the other 5 work absolutely fine and this one doesn't. The firmware versions are the same and I use the same configuration file for each one of them.

8 REPLIES
atsak
New Contributor III

Is it possible this unit is defective?  It has the latest firmware.

 

The issue occurs on either the WWAN port or the WAN1 port . . .

 

I have been testing also connecting to the firewall from the external IP - I seem to lose connection that way too, not over VPN, just for a second or two every couple minutes.

 

neonbit
Valued Contributor

You can do a hardware test to confirm if the device is defective by running the following command via the CLI:

 

diagnose hardware test suite all

 

Have you checked to make sure the network/wan link the 60E is using is not the problem?

atsak
New Contributor III

Yes, I've tried two different links (one cable, one LTE modem); both have the exact same issue, but only with this particular device.

Eyals
New Contributor

Hi,

Were you able to resolve this?

I am having the exact same issue with Fortigate on AWS and Juniper SSG550.

sw2090
Honored Contributor

I had something like that too:

 

tunnels did not respond but on FGT were not shown as down.

It turned out they were not down but the FGT does somewhat suspend the tunnel when there is no traffic on it by default. 

Turning on some keep alive feature (I'd have to look it up again if you need it) stopped this.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Eyals
New Contributor

In my case, the tunnel is seen as down in the VPN monitor, and in the VPN events log you can see, every couple of minutes, messages that the interface is down/up.

If you can find what solved it for you, it could be helpful, thanks.

trchia
New Contributor

....also make sure that the key lifetime is not too long.
