Fortinet Community

Yerlik · ‎02-06-2023

Hi all! Can someone tell me why the ipsec tunnel itself falls everyday? maybe there is a time limit? i notice it in the morning
Tunnell between FortiGate 100F and Mikrotik

srajeswaran · ‎02-06-2023

Do you see anything on VPN events log? Is it going down when there is active traffic or during the idle time?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

srajeswaran · ‎02-06-2023

Do you see anything on VPN events log? Is it going down when there is active traffic or during the idle time?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Yerlik · ‎02-10-2023

i think it is going down during the idle time (at night when no one working). logs are not saved more 1 hour.

alif · ‎02-12-2023

hi @Yerlik,

You can enable auto-negotiation under phase2 settings which will keep the tunnel active at all times. Please refer to the below link for details.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Set-the-FortiGate-unit-to-bring-up-IPSec-V...

Regards,
SFA

srajeswaran · ‎02-11-2023

I think increasing the lifetime to more (~24 hours) along with higher idle-timeout could be tried.

ref: https://docs.fortinet.com/document/fortigate/7.2.3/administration-guide/790613/phase-1-configuration

IPsec tunnel idle timer

Define an idle timer for IPsec tunnels. When no traffic has passed through the tunnel for the configured idle-timeout value, the IPsec tunnel will be flushed.

To configure IPsec tunnel idle timeout:

config vpn ipsec phase1-interface
    edit p1
        set idle-timeout [enable | disable]
        set idle-timeoutinterval <integer> IPsec tunnel idle timeout in minutes (10 - 43200).
    next
end

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Fortinet Community

Ipsec tunnel

To configure IPsec tunnel idle timeout: