Hi guys,
I have a 310B cluster connected with a dozen FortiGate 60/80C units through IPsec tunnels.
A lot of tunnels are UP and traffic is OK.
But for an unknown reason, some other tunnels remain UP while traffic is OK only from one side; on the other I have 0 kb inbound on the 60/80 interface.
310 > 60/80 = KO
60 > 310 = OK
The configurations didn't change, but traffic sometimes doesn't work anymore.
Does anyone have any idea?
Thanks all!
Can you sniff for protocol 50 traffic, to see if payloads are making it in both directions (or not)?
diag sniff pack wan1 "proto 50" 4
Regards, Chris McMullan Fortinet Ottawa
From FGT 1
Christopher McMullan_FTNT wrote: Can you sniff for protocol 50 traffic, to see if payloads are making it in both directions (or not)?
diag sniff pack wan1 "proto 50" 4
FW1 # diagnose sniffer packet wan1 "proto 50" 4
interfaces=[wan1]
filters=[proto 50]
0.645633 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
0.645716 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
0.645755 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
1.295463 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
1.309867 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
1.418372 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
2.308222 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
2.323156 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
3.322189 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
3.337118 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
3.430819 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
3.430901 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
3.430940 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
13 packets received by filter
0 packets dropped by kernel
FW1 #
From FGT 2
FW2 (Autre) # diagnose sniffer packet port5 "host 124.47.79.15" 4
interfaces=[port5]
filters=[host 124.47.79.15]
5.495922 port5 -- 124.47.79.15.500 -> 125.82.62.18.500: udp 92
5.496241 port5 -- 125.82.62.18.500 -> 124.47.79.15.500: udp 92
10.505199 port5 -- 124.47.79.15.500 -> 125.82.62.18.500: udp 92
10.505385 port5 -- 125.82.62.18.500 -> 124.47.79.15.500: udp 92
15.517360 port5 -- 124.47.79.15.500 -> 125.82.62.18.500: udp 92
15.517554 port5 -- 125.82.62.18.500 -> 124.47.79.15.500: udp 92
20.524145 port5 -- 124.47.79.15.500 -> 125.82.62.18.500: udp 92
20.524334 port5 -- 125.82.62.18.500 -> 124.47.79.15.500: udp 92
25.533544 port5 -- 124.47.79.15.500 -> 125.82.62.18.500: udp 92
25.533731 port5 -- 125.82.62.18.500 -> 124.47.79.15.500: udp 92
30.543820 port5 -- 124.47.79.15.500 -> 125.82.62.18.500: udp 92
30.544016 port5 -- 125.82.62.18.500 -> 124.47.79.15.500: udp 92
12 packets received by filter
0 packets dropped by kernel
FW2 (Autre) #
Reply packets don't appear ... good lead, thanks
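
Added example, not part of the thread or of any Fortinet tooling: a small Python check that reads verbosity-4 sniffer output like the captures above and reports peer pairs where ESP (`ip-proto-50`) is seen in only one direction. The sample capture and all addresses in it are constructed; the line format is assumed to match the two shapes shown in the thread.

```python
import re
from collections import Counter

# Verbosity-4 lines of "diagnose sniffer packet" as they appear in the thread:
#   0.645633 wan1 -- 192.168.99.254 -> 125.82.62.18: ip-proto-50 116
#   5.495922 port5 -- 124.47.79.15.500 -> 125.82.62.18.500: udp 92
# Header, summary and any other line shapes do not match and are skipped.
LINE = re.compile(
    r"^\s*[\d.]+\s+\S+\s+--\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+):"
    r"\s+(?P<proto>\S+)\s+\d+\s*$"
)

# Constructed sample capture (documentation addresses, not from the thread).
SAMPLE = """\
interfaces=[wan1]
filters=[none]
0.645633 wan1 -- 192.0.2.10 -> 198.51.100.20: ip-proto-50 116
0.645716 wan1 -- 192.0.2.10 -> 198.51.100.20: ip-proto-50 116
1.100000 wan1 -- 192.0.2.10 -> 203.0.113.30: ip-proto-50 116
1.100900 wan1 -- 203.0.113.30 -> 192.0.2.10: ip-proto-50 116
5.495922 wan1 -- 192.0.2.10.500 -> 198.51.100.20.500: udp 92
5.496241 wan1 -- 198.51.100.20.500 -> 192.0.2.10.500: udp 92
6 packets received by filter
0 packets dropped by kernel
"""

def host(endpoint):
    """Drop the trailing port from 'a.b.c.d.port' (IPv4 only)."""
    return ".".join(endpoint.split(".")[:4])

def direction_counts(capture, proto):
    """Count packets of one protocol per (source host, destination host)."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE.match(line)
        if m and m["proto"] == proto:
            counts[(host(m["src"]), host(m["dst"]))] += 1
    return counts

def one_way_flows(capture, proto="ip-proto-50"):
    """Return (src, dst, packets) for flows with no packet in the reverse direction."""
    counts = direction_counts(capture, proto)
    return sorted((s, d, n) for (s, d), n in counts.items()
                  if counts.get((d, s), 0) == 0)

if __name__ == "__main__":
    for src, dst, n in one_way_flows(SAMPLE):
        print(f"{src} -> {dst}: {n} ESP packets, none in the reverse direction")
```

A flow reported here only means the reverse ESP packets were not seen on the interface that was captured; running the same capture on the peer shows whether they were sent at all.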