Hello
We have a FortiGate 60D. I now see that these two errors often appear in the log:
- IPSec DPD failure(dpd_failure)
- IPSec ESP(esp_error) - Received ESP packet with unknown SPI
5 IPSec sites are connected to our FG, but the traffic between our router and the 5 tunnels is minimal (about 8 MB a day per tunnel). These two errors appear only with the same 2 IPSec tunnels. From what I have read about the errors, they can occur with slow bandwidth. For one of the two problem tunnels that could be the explanation, because the router is connected to the internet over GPRS, but the other tunnel has a VDSL connection, which shouldn't be that slow.
Honestly, I don't fully understand these error messages and I don't know what I can do to resolve them. Otherwise, if they can't be resolved, I don't understand them well enough to say "Oh, that's no problem, these errors are there but they cause no trouble".
I would be really happy/thankful if someone could help me understand these errors better.
Kind regards
Joel
Hi, Managed to solve the problem of "ipsec dpd failure"? I have the same problem. Kind Regards,
For item #1, DPD might not be supported or enabled on the far-end IPsec peer.
For item #2, are the IPsec SA lifetime values set the same?
How often are SPI errors coming in? Do you have IPsec tunnel stability issues or lack of reach?
Both of these log messages are not critical events, but ensure both IPsec peers' values are the same. Enabling DPD only on devices where DPD is supported and enabled would reduce these messages.
PCNSE
NSE
StrongSwan
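
To answer the "how often" question in the reply above, here is an added example (not part of the thread, and not Fortinet code) that tallies `dpd_failure` and `esp_error` events per remote peer and per hour from exported event-log text. The key=value field names (`date`, `time`, `remip`, `status`) and the sample lines are assumptions constructed for illustration; adjust them to your own export.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate-style key=value form (not real logs).
# Field names are assumptions; esp_error lines are keyed on remip because an
# unknown SPI cannot be mapped to a tunnel name.
SAMPLE_LOG = '''\
date=2025-01-10 time=08:01:12 subtype=vpn remip=198.51.100.7 vpntunnel="site-gprs" status=dpd_failure msg="IPsec DPD failure"
date=2025-01-10 time=08:14:40 subtype=vpn remip=198.51.100.7 status=esp_error msg="IPsec ESP"
date=2025-01-10 time=08:47:03 subtype=vpn remip=198.51.100.7 status=esp_error msg="IPsec ESP"
date=2025-01-10 time=09:02:55 subtype=vpn remip=203.0.113.20 vpntunnel="site-vdsl" status=dpd_failure msg="IPsec DPD failure"
date=2025-01-10 time=09:30:00 subtype=vpn remip=192.0.2.44 vpntunnel="site-c" status=success msg="tunnel up"
'''

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
WATCHED = {"dpd_failure", "esp_error"}


def parse_line(line):
    """Split one log line into a dict of fields, stripping quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def hourly_counts(log_text):
    """Count watched events per (remote peer, status, 'YYYY-MM-DD HH')."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        status = fields.get("status")
        if status not in WATCHED:
            continue
        hour = f"{fields.get('date', '?')} {fields.get('time', '??')[:2]}"
        counts[(fields.get("remip", "unknown"), status, hour)] += 1
    return counts


def peer_totals(counts):
    """Collapse the hourly buckets into totals per (remote peer, status)."""
    totals = Counter()
    for (peer, status, _hour), n in counts.items():
        totals[(peer, status)] += n
    return totals


if __name__ == "__main__":
    for key, n in sorted(hourly_counts(SAMPLE_LOG).items()):
        print(n, *key)
```

Errors that cluster on one peer at regular intervals point toward the SA lifetime comparison suggested above; irregular bursts on a slow link fit the DPD explanation.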