Hi Community,
We have 2 IPsec Tunnels (Tunnel 10 and Tunnel 20) between Fortigates (Remote and Concentrator) with only 1 Phase 2 Selector configured and auto-negotiate disabled. Both tunnels are working as expected where we have connectivity from both sides.
Tunnel 10 is presenting 2 Phase 2 Selectors via GUI and CLI, where the first Phase 2 is UP and the second one is DOWN. We have already deleted the entire Phase 2 Interface and reconfigured it, restarted the entire cluster (A-P), and nothing helps.
We really don't understand why there are 2 Phase 2 Selectors in a scenario where we have only 1 configured. Any idea how to troubleshoot and solve this issue?
We are on FortiOS 6.4.11. Keep in mind that Tunnel 20, with the same setup on the same device, does not have this issue, and we have several other FGTs with the same setup that also do not present this issue.
I really appreciate any comments, thank you!
Problem solved! There was a destination address mismatch between the FGTs, where we had x.x.x.0 instead of x.x.x.128, so the remote FGT set the original Phase 2 Selector DOWN and automatically created another Phase 2 Selector excluding the wrong network. After adjusting the object, the Phase 2 Selectors were adjusted automatically, leaving only one there!
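The mismatch described in the solution can be caught before it shows up as an extra selector. The following is an added example, not part of the original posts: it compares the Phase 2 selectors of two peers and reports any selector whose source or destination is not the mirror image of the peer's. The addresses, the entry name `Tunnel10-p2`, and the use of inline `src-subnet`/`dst-subnet` (rather than address objects, as in the thread) with identical entry names on both peers are assumptions.

```python
import ipaddress
import re

# Constructed sample configs (not from the thread): the remote's dst-subnet
# uses .0 where the concentrator's src-subnet uses .128.
REMOTE_CFG = '''
config vpn ipsec phase2-interface
    edit "Tunnel10-p2"
        set src-subnet 192.168.50.0 255.255.255.0
        set dst-subnet 10.20.30.0 255.255.255.128
    next
end
'''
CONCENTRATOR_CFG = '''
config vpn ipsec phase2-interface
    edit "Tunnel10-p2"
        set src-subnet 10.20.30.128 255.255.255.128
        set dst-subnet 192.168.50.0 255.255.255.0
    next
end
'''

def parse_selectors(cfg):
    """Return {phase2 name: {'src': network, 'dst': network}} from CLI text."""
    selectors, current = {}, None
    for line in cfg.splitlines():
        line = line.strip()
        m = re.match(r'edit "?([^"]+)"?$', line)
        if m:
            current = selectors.setdefault(m.group(1), {})
            continue
        m = re.match(r'set (src|dst)-subnet (\S+) (\S+)$', line)
        if m and current is not None:
            current[m.group(1)] = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
    return selectors

def find_mismatches(local_cfg, peer_cfg):
    """List selectors where local src/dst is not the mirror of peer dst/src."""
    local, peer = parse_selectors(local_cfg), parse_selectors(peer_cfg)
    problems = []
    for name, sel in local.items():
        other = peer.get(name, {})
        for mine, theirs in (("src", "dst"), ("dst", "src")):
            if sel.get(mine) != other.get(theirs):
                problems.append((name, mine, str(sel.get(mine)), str(other.get(theirs))))
    return problems

if __name__ == "__main__":
    print(find_mismatches(REMOTE_CFG, CONCENTRATOR_CFG))
```

An empty list means every selector on one side is mirrored exactly on the other; each tuple names the Phase 2 entry, the local side that differs, and the two networks.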