Hello all. A lot of remote access IPsec clients see random phase2 down messages. I was wondering how do I go about getting to the root cause of each phase2 down instance? I'd like to know if it was just due to DPD deciding the FGT can't see the client for a period of time so it yanks the tunnel down, or whatever else might cause it. Usually when DPD's the culprit, I see log messages about it prior to the phase2 down message. Can anyone point me in the right direction?
If you happen to have some Fortinet logging device connected to your FGT you could look into the VPN event log there.
Works fine here on our FortiManager.
[strike]If not you could only look at the ipsec debug log on the CLI instead, as I don't think that this is in the standard event log.[/strike]
Correction: you see it on the FGT in the Log&Report menu under VPN events.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
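To turn those VPN event entries into an answer to the original question ("was it DPD, or something else?"), the log has to be read in order and each phase2-down correlated with what the same peer logged just before it. The script below is an added example, not code from the thread or from Fortinet; it walks FortiGate-style key=value event lines and, for every phase2-down, reports whether a DPD failure from the same remote IP was logged within a short window, and how long the phase2 SA had been up (a tunnel that always dies right around the configured key lifetime points at a rekey problem rather than DPD). The sample lines are constructed, and the field names and action values (`remip`, `name`, `action="phase2-down"`, `action="dpd_failure"`) are assumptions modelled on the FortiOS log style, so check them against the log reference for your release before pointing this at real exports. On the box itself I would pair this with `diagnose debug application ike -1` plus `diagnose debug enable` for the peer in question.

```python
"""Correlate FortiGate IPsec phase2-down events with preceding DPD failures.

Added example for this thread; not Fortinet code. Field names and action
values are assumptions modelled on the FortiOS key=value event-log style.
"""
import re
from datetime import datetime, timedelta

# Constructed sample export of the VPN event log (Log&Report > VPN events).
# Values such as action="dpd_failure" are assumed; verify against your release.
SAMPLE_LOGS = """\
date=2024-05-01 time=09:00:00 type="event" subtype="vpn" logdesc="IPsec phase 2 status change" action="phase2-up" remip=203.0.113.10 name="RA_VPN"
date=2024-05-01 time=09:12:30 type="event" subtype="vpn" logdesc="IPsec DPD failed" action="dpd_failure" remip=203.0.113.10 name="RA_VPN"
date=2024-05-01 time=09:12:31 type="event" subtype="vpn" logdesc="IPsec phase 2 status change" action="phase2-down" remip=203.0.113.10 name="RA_VPN"
date=2024-05-01 time=09:40:00 type="event" subtype="vpn" logdesc="IPsec phase 2 status change" action="phase2-down" remip=198.51.100.7 name="RA_VPN"
date=2024-05-01 time=10:05:00 type="event" subtype="vpn" logdesc="IPsec phase 2 status change" action="phase2-down" remip=203.0.113.10 name="RA_VPN"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Parse one key=value log line into a dict and attach a datetime as 'ts'."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    if "date" in fields and "time" in fields:
        fields["ts"] = datetime.strptime(
            fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S")
    return fields


def explain_phase2_down(log_text, dpd_window=timedelta(seconds=30)):
    """Return one finding per phase2-down: peer, tunnel, suspected cause, uptime.

    cause is "dpd" when the same remote IP logged a DPD failure no more than
    dpd_window before the phase2-down, otherwise "unknown" (no DPD evidence in
    the event log; look at IKE debug or the client side).
    """
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events = [e for e in events if "ts" in e]
    events.sort(key=lambda e: e["ts"])

    last_dpd = {}  # remip -> timestamp of most recent DPD failure
    last_up = {}   # remip -> timestamp of most recent phase2-up
    findings = []
    for ev in events:
        peer, action = ev.get("remip"), ev.get("action")
        if action == "dpd_failure":
            last_dpd[peer] = ev["ts"]
        elif action == "phase2-up":
            last_up[peer] = ev["ts"]
        elif action == "phase2-down":
            dpd_ts = last_dpd.get(peer)
            cause = "dpd" if dpd_ts is not None and ev["ts"] - dpd_ts <= dpd_window else "unknown"
            # Uptime is measured from the last phase2-up; cleared once the SA is down.
            up_ts = last_up.pop(peer, None)
            uptime = int((ev["ts"] - up_ts).total_seconds()) if up_ts else None
            findings.append({
                "ts": ev["ts"].isoformat(sep=" "),
                "peer": peer,
                "tunnel": ev.get("name"),
                "cause": cause,
                "uptime_s": uptime,
            })
    return findings


def summarize(findings):
    """Count phase2-down events per suspected cause."""
    counts = {}
    for f in findings:
        counts[f["cause"]] = counts.get(f["cause"], 0) + 1
    return counts


if __name__ == "__main__":
    results = explain_phase2_down(SAMPLE_LOGS)
    for r in results:
        print(f'{r["ts"]}  {r["tunnel"]:<8} {r["peer"]:<16} cause={r["cause"]:<8} uptime_s={r["uptime_s"]}')
    print("summary:", summarize(results))
```

On the constructed sample, the first phase2-down is attributed to DPD (a DPD failure from the same peer one second earlier, after 751 s of uptime) and the other two come back as "unknown", which is exactly the set worth chasing with IKE debug, since nothing in the event log explains them. Widen `dpd_window` if your DPD retry interval times retry count is larger than 30 s.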
I don't think the logs will be useful in telling you why a phase2 went down. Not sure what you're striving to get at. So many factors can determine why a VPN is disconnected, imho.
Ken Felix
PCNSE
NSE
StrongSwan
I see. Thank you. I've further familiarized myself with the P1 and P2 negotiation process since my last post and now have a better understanding of what either phase needs in order to successfully complete and then remain active. I believe my disconnects were largely due to DPD failures. I wonder if I can use Link Monitors on remote access VPNs.
Copyright 2024 Fortinet, Inc. All Rights Reserved.