Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Yerlik
New Contributor

Ipsec tunnel

Hi all! Can someone tell me why the ipsec tunnel itself falls everyday? maybe there is a time limit? i notice it in the morning
Tunnell between FortiGate 100F and Mikrotik

1 Solution
srajeswaran
Staff
Staff

Do you see anything on VPN events log?  Is it going down when there is active traffic or during the idle time?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

4 REPLIES 4
srajeswaran
Staff
Staff

Do you see anything on VPN events log?  Is it going down when there is active traffic or during the idle time?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Yerlik

i think it is going down during the idle time (at night when no one working). logs are not saved more 1 hour.

alif

hi @Yerlik,

 

You can enable auto-negotiation under phase2 settings which will keep the tunnel active at all times. Please refer to the below link for details.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-the-FortiGate-unit-to-bring-up-IPSec-V...

Regards,
SFA
srajeswaran
Staff
Staff

I think increasing the lifetime to more (~24 hours) along with higher idle-timeout could be tried.

ref: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/790613/phase-1-configuration

IPsec tunnel idle timer

Define an idle timer for IPsec tunnels. When no traffic has passed through the tunnel for the configured idle-timeout value, the IPsec tunnel will be flushed.

To configure IPsec tunnel idle timeout:
config vpn ipsec phase1-interface
    edit p1
        set idle-timeout [enable | disable]
        set idle-timeoutinterval <integer> IPsec tunnel idle timeout in minutes (10 - 43200).
    next
end
Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Labels
Top Kudoed Authors