Maintaining IPSEC Tunnel up when No Traffic is Generated
I have an FG Firewall connected to FortiManager. This FortiGate establishes an IPSEC tunnel with the local Edge firewall. However, when no traffic from clients is generated, the tunnel remains down. I am looking for a method to keep these tunnels up.
Could anyone provide a method to ensure that the IPSEC tunnels between the FG Firewall and the local firewall stay up even when there is no traffic being generated?
I want to establish and maintain an IPsec connection between the client on the left side and a proxy server on a VPN client, even when the VLAN interface, where the proxy server resides, is not physically connected to a switch or client that generates traffic. This absence of traffic can lead to the IPsec tunnel going down due to inactivity.
I'm looking for a method to keep the IPsec connection active between the client and the proxy server on the VLAN interface, even when there is no real traffic being generated by any connected device.
You can try with DPD settings, see if it helps.
The FortiGate unit provides a mechanism called Dead Peer Detection (DPD), sometimes referred to as gateway detection or ping server, to prevent this situation and to re-establish IKE negotiations automatically before a connection times out.
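As an added example (not from the thread or Fortinet's documentation), the FortiOS CLI below shows the DPD settings the answer refers to, together with the phase2 `auto-negotiate` and `keepalive` options that make the FortiGate initiate and hold the SA without waiting for client traffic. The tunnel name `to-edge-fw`, the phase2 name and the selector subnets are placeholders; substitute the names of the existing tunnel.

```fortios
# Added example, not from the original thread. Placeholder names and subnets.
config vpn ipsec phase1-interface
    edit "to-edge-fw"
        set dpd on-idle                # probe the peer only while the link is idle
        set dpd-retryinterval 5        # seconds between DPD probes
        set dpd-retrycount 3           # unanswered probes before the peer is declared dead
        set idle-timeout disable       # do not tear the IKE SA down for inactivity
    next
end
config vpn ipsec phase2-interface
    edit "to-edge-fw-p2"
        set phase1name "to-edge-fw"
        set auto-negotiate enable      # negotiate and re-key the SA without triggering traffic
        set keepalive enable           # keep the SA alive once it is up
        set src-subnet 10.10.0.0 255.255.0.0    # placeholder local selector
        set dst-subnet 10.20.0.0 255.255.0.0    # placeholder remote selector
    next
end
# Check the result (standard FortiOS diagnostics):
# diagnose vpn ike gateway list name to-edge-fw
# diagnose vpn tunnel list name to-edge-fw-p2
```

DPD alone only detects a peer that has stopped answering; it is `auto-negotiate` on the phase2 that brings the tunnel up with no traffic, and `dpd on-idle` then notices if the Edge firewall goes away and triggers a renegotiation. Since this FortiGate is managed by FortiManager, make the change there (VPN Manager or a CLI script) rather than directly on the device, or the next policy install can revert it.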
Even with Proxy IDs, there still needs to be routes for the remote networks you're trying to reach over the vpn, pointing to the tunnel interface of the vpn. The reason is that though the palo supports proxy-ids like a policy-based tunnel, it's basically a route-based tunnel with proxy-id support.