There was a power outage at our remote site and since then the IPsec tunnel appears to only work in one direction. My remote users can access local resources, but I cannot so much as ping anything on the other side of the remote firewall. I am able to interface with the remote firewall through its web interface. I can also ping the remote devices from the remote firewall but not directly from my computer. We use a site-to-site IPsec VPN tunnel. The remote side is behind a NAT. The problem appears to be with the remote firewall, but I cannot see any policies that could be blocking my local computer from interfacing with the remote computers. The local and remote computers are on different subnets, but I have policies that should be allowing them to talk. I updated to the latest firmware and there was no change either. The local firewall has not been updated.
Any ideas on what the culprit could be?
Unidirectional traffic can only be connected to the policy not working in that direction. Edit the corresponding policy, change a value, save, re-edit, restore the original value, save. If that doesn't help, I suspect more damage to the remote FGT.
[strike]But how am I able to access the remote firewall yet I cannot communicate with any device on the other side of it?[/strike]
A colleague of mine helped me figure out the issue. Earlier in the week, I hastily created a separate subnet for a Windows Server 2000 for a contractor to remote into. This subnet happened to comprise the hosts that I was wanting to connect to, and they were being blocked by another policy. When the power outage happened, the implicit deny prioritized this traffic.
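The root cause described above, a hastily added subnet overlapping hosts that another policy was meant to reach, can be checked for offline. This is an added example, not part of the original thread and not FortiOS configuration: it models a generic top-down, first-match policy table with a trailing implicit deny, and all policy names and addresses are constructed.

```python
import ipaddress
from typing import NamedTuple

class Policy(NamedTuple):
    name: str
    src: str      # source subnet (CIDR)
    dst: str      # destination subnet (CIDR)
    action: str   # "accept" or "deny"

# Assumption: anything no listed policy matches falls through to a final deny.
IMPLICIT_DENY = Policy("implicit-deny", "0.0.0.0/0", "0.0.0.0/0", "deny")

def _net(cidr):
    return ipaddress.ip_network(cidr)

def first_match(policies, src_ip, dst_ip):
    """Return the policy that decides a flow under top-down, first-match evaluation."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in list(policies) + [IMPLICIT_DENY]:
        if s in _net(p.src) and d in _net(p.dst):
            return p

def overlapping_denies(policies):
    """List (deny, accept) name pairs where an earlier deny overlaps a later accept."""
    hits = []
    for i, later in enumerate(policies):
        if later.action != "accept":
            continue
        for earlier in policies[:i]:
            if (earlier.action == "deny"
                    and _net(earlier.src).overlaps(_net(later.src))
                    and _net(earlier.dst).overlaps(_net(later.dst))):
                hits.append((earlier.name, later.name))
    return hits

# Constructed sample: local LAN 10.1.0.0/24, remote LAN 10.2.0.0/24, and a
# contractor subnet 10.2.0.128/25 carved out of the remote LAN.
POLICIES = [
    Policy("remote-to-local", "10.2.0.0/24", "10.1.0.0/24", "accept"),
    Policy("isolate-contractor", "0.0.0.0/0", "10.2.0.128/25", "deny"),
    Policy("local-to-remote", "10.1.0.0/24", "10.2.0.0/24", "accept"),
]

if __name__ == "__main__":
    for flow in [("10.2.0.200", "10.1.0.10"), ("10.1.0.10", "10.2.0.200")]:
        print(flow, "->", first_match(POLICIES, *flow).name)
    print("overlaps:", overlapping_denies(POLICIES))
```

Running the overlap check after every policy or subnet change surfaces this kind of one-directional block before users report it.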