- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: PING on VPN IPSec Azure works only two time
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
PING on VPN IPSec Azure works only two time
Hi all,
I have a problem on a location connected in VPN IpSec.
I have configured all the interfaces and policy and everything seems working good.
From the server AD I can ping all the clients connected on the location, the problem is from client to server AD where only two ping are replied, then all requested are dropped.
Here you can find the diag sniffer on Firewall of that location:
FG100E4Q17011401 # diag sniffer packet arena "host 10.1.11.42 and icmp"
interfaces=[arena]
filters=[host 10.1.11.42 and icmp]
6.091341 10.1.11.42 -> 10.0.0.12: icmp: 10.1.11.42 udp port 54317 unreachable
27.833930 10.1.11.42 -> 10.0.0.12: icmp: 10.1.11.42 udp port 64483 unreachable
35.928811 10.1.11.42 -> 10.0.0.12: icmp: echo request
35.971478 10.0.0.12 -> 10.1.11.42: icmp: echo reply
36.930628 10.1.11.42 -> 10.0.0.12: icmp: echo request
36.972687 10.0.0.12 -> 10.1.11.42: icmp: echo reply
48.690416 10.1.11.42 -> 10.0.0.12: icmp: 10.1.11.42 udp port 64556 unreachable
69.547030 10.1.11.42 -> 10.0.0.12: icmp: 10.1.11.42 udp port 55918 unreachable
91.325987 10.1.11.42 -> 10.0.0.12: icmp: 10.1.11.42 udp port 60528 unreachable
113.099349 10.1.11.42 -> 10.0.0.12: icmp: 10.1.11.42 udp port 49737 unreachable
^C
11 packets received by filter
0 packets dropped by kernel
As you can look on it, two ping obtain reply, the other sent unreachable. The client IP is 10.1.11.42, the Server IP is 10.0.0.12. Which one has the 64556 port blocked? I suppose that is the 10.1.11.42 but in that client the firewall is off and I cannot understand if the Firewall is blocking something or not.
Could you advice me what I can do in order to find a solution?
Thank you in advance
Lorenzo
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can check the following to see if there some devices causing issues, it might be port exhaustion http://kb.fortinet.com/kb...ternalId=FD33056
[ul]Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi and thank you for your answer.
I run a diag sys session stat but I not understand how to resolve with this.
Here you can find the results:
FG100E4Q17011401 # diag sys session stat
misc info: session_count=2210 setup_rate=19 exp_count=50 clash=10
memory_tension_drop=0 ephemeral=0/196608 removeable=0
npu_session_count=637
nturbo_session_count=0
delete=0, flush=0, dev_down=0/0 ses_flush_filters=0
TCP sessions:
50 in NONE state
492 in ESTABLISHED state
2 in SYN_SENT state
1 in SYN_RECV state
3 in FIN_WAIT state
29 in TIME_WAIT state
7 in CLOSE state
82 in CLOSE_WAIT state
firewall error stat:
error1=00000000
error2=00000000
error3=00000000
error4=00000000
tt=00000000
cont=00a557e5
ids_recv=0858cca9
url_recv=00000000
av_recv=90954a71
fqdn_count=00000006
global: ses_limit=0 ses6_limit=0 rt_limit=0 rt6_limit=0
I found the possible error blocking me: is a Deny DNS error. Strange (because the first two ping are allowed). Could you be helpfull?
ActionDeny: DNS errorPolicy3Policy UUID39e02e9a-d838-51e7-47d0-4c2f5ecb4c2dPolicy Typepolicy
Related Posts
- FortiClient Azure SSO VPN issues 43 Views
- FortiClient Vpn 311 Views
- Trouble Receiving DHCP Packet Over S2S... 224 Views
- FortiClient and T-Mobile 160 Views
- FortiClientVPN 7.x is not working properly... 338 Views
Labels
-
FortiGate
6,445 -
FortiClient
1,286 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
330 -
FortiAP
326 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
57 -
SSL-VPN
53 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
Intrusion prevention
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.