Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Fikusir
New Contributor II

Created on ‎09-08-2022 02:23 AM Edited on ‎09-08-2022 02:31 AM

IPSec stop working for a while when uploading file

Hello,

I am definitely lost and need help if possible.

 

Have two FGs connected by IPSec tunnel:

  1. Site A - FG50E 6.2.11 (1Gbit/1Gbit)
  2. Site B - FG100E 6.4.8 (100Mbit/100Mbit)

All traffic run smoothly, but when I transfer via SMB bigger file (50MB for example) on Windows server from site A to site B then it runs few secs and then I see that communication between these two sites is interrupted - all devices on site A are down.

 

The interruption takes usually 3-4 pings and then come back.

 

I also tried to ping 8.8.8.8 from site A during the interruption and it was working properly. It means to me that connectivity is good, but VPN has some problems. Unfortunately I do not see any error in VPN events.

 

During the interruption I tried to ping site B from another site and it is working properly.

 

Do you have any ideas how to find the reason of this issue?

 

Already tried to switch of all UTMs between both sites.

 

Thank you so much, Michal

IT Specialist
IT Specialist
Labels:
1884
0 Kudos
3 REPLIES 3
Vichu_94
Staff
Staff

Created on ‎09-08-2022 02:28 AM

Hi Fikusir

Please try to follow the below link to troubleshoot the issue for Ipsec tunnel 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Troubleshooting-IPsec-VPN-tunnel-errors-wi...

Regards
Vishal P

Vishal P
1880
Fikusir
New Contributor II

Created on ‎09-08-2022 02:37 AM

Seems to be good to me

 

Diagnose A)

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1406 Metric:1
RX packets:1042134 errors:0 dropped:0 overruns:0 frame:0
TX packets:1096519 errors:1 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:938168424 (894.7 MB) TX bytes:784801561 (748.4 MB)

 

Diagnose B)

if=SESTO_PRAGUE family=00 type=768 index=17 mtu=1406 link=0 master=0
ref=53 state=start present fw_flags=0 flags=up p2p run noarp multicast
Qdisc=noqueue
stat: rxp=1043481 txp=1098022 rxb=938569924 txb=785086536 rxe=0 txe=1 rxd=0 txd=0 mc=0 collision=0
re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0
te: txa=0 txc=0 txfi=0 txh=0 txw=0
misc rxc=0 txc=0
input_type=0 state=3 arp_entry=0 refcnt=53

IT Specialist
IT Specialist
1875
0 Kudos
akristof
Staff
Staff

Created on ‎09-08-2022 05:01 AM

Hi,

I would focus on ESP (UDP/4500) communication when this is happening. I had an experience with very similar problem, tunnel working file, as soon larger file started to be transferred, it got disconnected. I would check if you will be receiving packets on both ends (encrypted packets). In my case, there was ddos protection in one of the customer's DCs that was triggered with higher volume of packets.

Adrian
1845
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.