After upgrading our FortiGate to v7.4.0 from 6.4.7 (with optional upgrade path 6.4.9 then 6.4.11 ...)
All our IPSEC tunnels are down and phase1 and phase2 are down. At the same time all other config seems to be in place...
We found out that as soon as we choose local gateway "Specify" (our secondary WAN IP) not "Primary IP" the tunnel is down and no communication is happening between our and client FW (all WAN IPs are from one ISPs GW). We can ping clients IP.
Proposals and configuration of P1 and P2 are correct, as I mentioned as soon both sides chooses gateway (our primary IP) tunnel works. Policies are in place, traffic is accesable from both sides when tunnel is up. Routes created.
As I understand there is some misconfiguration or missing setting within FortiGate after upgrade. IPsec tunnel does not work if I choose other WAN as gateway address which means the NAT configuration or something. But at the same time all other resources that are being hosted behind our FW and routed with policies are working.
What could be the possible issues where to look. I tried to find similar issues on forums but no success. Would appreciate any ideas and help.
Our goal was to respond CVE-2023-27997 There for we upgraded our firmware to latest v6 build. But as we found out that tunnels are down and we are unable to bring them up. Decision was made to try upgrade to latest version hopefully issue would be fixed. That did not happen.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.