Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MustphaBassim
New Contributor III

Created on ‎05-07-2023 09:48 PM

IPsec still up

Hello Dears

 

I have two IPsec tunnels one of them is main and the second is backup sometimes when an issue on main tunnel like phyiscal interface goes down it is not update on Firewall i meant when I go to see the tunnel traffic it is show me the tunnel is up and everything is ok while it must be down because the interface is down so anyone could help me on that ?

 

Best Regards

Labels:
1444
0 Kudos
1 Solution
srajeswaran
Staff
Staff

Created on ‎05-07-2023 10:41 PM

Please configure DPD , it monitors if the peer is up and then takes the action bring down/up the tunnel.

 

https://community.fortinet.com/t5/FortiClient/Technical-Tip-Configuring-DPD-dead-peer-detection-on-I...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

1432
0 Kudos
6 REPLIES 6
srajeswaran
Staff
Staff

Created on ‎05-07-2023 10:41 PM

Please configure DPD , it monitors if the peer is up and then takes the action bring down/up the tunnel.

 

https://community.fortinet.com/t5/FortiClient/Technical-Tip-Configuring-DPD-dead-peer-detection-on-I...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1433
0 Kudos
MustphaBassim
New Contributor III
In response to srajeswaran

Created on ‎05-07-2023 11:12 PM

Thnx dear for reply , in this case we need to enabe DPD with "On Demand" since we have traffic on it always ? is not it ?

1428
0 Kudos
srajeswaran
Staff
Staff
In response to MustphaBassim

Created on ‎05-07-2023 11:21 PM

Yeah, "on demand" should be enough.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1421
0 Kudos
MustphaBassim
New Contributor III
In response to srajeswaran

Created on ‎05-07-2023 11:24 PM

thnx for your kind support , one more ask plz is the change of the confiugration on it would impact on IPsec tunnel it is need to be down ?

1415
0 Kudos
srajeswaran
Staff
Staff
In response to MustphaBassim

Created on ‎05-07-2023 11:33 PM

If the peer end don't respond to the dpd, it may bring down the tunnel, so I would recommend it enabling during non-peak hours to make sure the impact is minimal (very unlikely).

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1414
0 Kudos
MustphaBassim
New Contributor III
In response to srajeswaran

Created on ‎05-07-2023 11:34 PM

Ok dear  thnx for your kind support

1413
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.