Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dmarques
New Contributor

IPSec VPN keep disconnecting

Hi,

 

We have a Fortigate 600E, in which on latest couple of weeks we've been having a continuous problem with IPSec VPN users being disconnected very often (some within few minutes).

We've been making some testing and users on SSL VPN do not suffer from the same issue, SSL VPN is much more stable than IPSec. Sometimes we have some packet loss, but doesn't disconnect. 

We have about 100 to 200 users on IPSec, and the Firewall capacity is far from being exhausted.

One thing I noted while testing, was that when I connect to the IPSec VPN, then connect to same server in my DC, and do a file copy, the VPN disconnect almost every time without finishing the copy correctly, so seems something stresses out the connection until it disconnects.

 

We're moving some users to SSL so they have more stability, but we're still blind to the root cause of the issue. Anyone experienced something similar and found the root cause?
Or is there any tests that I can try on the Firewall and on the endpoints to find the root cause?


Thanks in advance

5 REPLIES 5
yashwani
Staff
Staff

Have you taken some debugs to see what exactly is happening during the disconnect. 

Regards
yashwani
dmarques
New Contributor

Hi, thanks for your reply.
You mean debug from the Forticlient or from the Fortigate?
I got the debug from the Forticlient for example, but it's the first time I see it. Any place where this log is explained? Or what fields should I be looking for on the disconnection phase?
Thanks

FGTuser
New Contributor III

Have you managed to solve this issue? I have the same on 600E 6.4.11. Thanks.

adambomb1219
Contributor III

I had a customer recently that had an ISP that was doing UDP rate limiting.  IPSec uses UDP so the ISP was considering their high UDP usage as a DDOS attack.  

Also do you have the UDP_Flood DoS Policy enabled and configured on the FortiGate?

FGTuser
New Contributor III

none of these :(

I will do some debugs, but it's really difficult to catch this random issue.

Labels
Top Kudoed Authors