We are utilizing a number of Fortigate 61F and Fortigate 71F devices in a site-to-site VPN with Azure. These tunnels have been operating stably for quite some time, but now we have a few that are performing strangely. The tunnel remains 'up' and active but stops passing traffic. Logging indicates a Phase 2 rekey but no error is seen, no problems found, no interface drops, etc.
Any suggestions on what else to check? Logging is proving fruitless: we cannot see any errors, drops or failures, Phase 1 never fails, and the Phase 2 rekey is the only indication we see.
I thought perhaps it was a problem with the carrier at the site, but this is happening across multiple sites and carriers... any thoughts that may point us in the right direction?
What is the FortiOS version?
What do you get with:
exec traceroute ...
diagnose sniffer packet ...
Hi Sir,
Thank you for posting your query here!
You need to first take the packet capture on the FGT side by using the sniffer as below:
dia sniffer packet any " host <DST IP> and icmp " 4 0 l
REF: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Packet-capture-sniffer/ta-p/198313
Then generate ICMP packet from the source behind the FGT to the destination behind the Azure.
Best regards,
Piyush
Hi @KMontgomery,
Can you try to run the following debug to see if traffic is allowed and passing through the tunnel correctly:
diag debug reset
diag debug flow filter addr X.X.X.X (replace with destination IP)
diag debug flow filter proto 1
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999
Regards,
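As an added example (not from this thread and not a Fortinet tool), a small Python triage script that groups `diag debug flow` output by trace_id and reports where each packet ended up, so a long capture can be reduced to the traces that never reached "send to". The sample lines are constructed approximations of FortiGate debug-flow output, not a real capture, and the tunnel name AzureVPN, policy number and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of "diagnose debug flow" output (approximates FortiGate layout; not a real capture)
SAMPLE_FLOW = """\
id=20085 trace_id=1 func=print_pkt_detail line=5594 msg="vd-root:0 received a packet(proto=1, 10.10.0.5:1->10.20.0.5:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=vf_ip_route_input_common line=2594 msg="find a route: flag=04000000 gw-10.20.0.5 via AzureVPN"
id=20085 trace_id=1 func=fw_forward_handler line=785 msg="Allowed by Policy-5:"
id=20085 trace_id=1 func=ipsecdev_hard_start_xmit line=789 msg="enter IPSec interface-AzureVPN, tun_id=0.0.0.0"
id=20085 trace_id=1 func=_do_ipsecdev_hard_start_xmit line=229 msg="no matching IPsec selector, drop"
id=20085 trace_id=2 func=print_pkt_detail line=5594 msg="vd-root:0 received a packet(proto=1, 10.10.0.5:1->10.20.0.5:2048) from port2. type=8, code=0, id=1, seq=2."
id=20085 trace_id=2 func=ipsecdev_hard_start_xmit line=789 msg="enter IPSec interface-AzureVPN, tun_id=0.0.0.0"
id=20085 trace_id=2 func=esp_output4 line=885 msg="IPsec encrypt/decrypt"
id=20085 trace_id=2 func=ipsec_output_finish line=99 msg="send to 203.0.113.10 via intf-wan1"
"""

# FortiGate debug/log lines are key=value pairs; values containing spaces are double-quoted.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_flow(text):  # group the msg of every line by trace_id (one trace per packet)
    traces = defaultdict(list)
    for line in text.splitlines():
        fields = {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
                  for m in FIELD_RE.finditer(line)}
        if "trace_id" in fields and "msg" in fields:
            traces[fields["trace_id"]].append(fields["msg"])
    return dict(traces)

def summarize_trace(msgs):  # ingress, route, policy, tunnel and final outcome of one trace
    s = {"ingress": None, "route_via": None, "policy": None, "tunnel": None, "outcome": "no verdict"}
    for msg in msgs:
        if "drop" in msg.lower() or "denied" in msg.lower():  # verdicts that end the trace
            s["outcome"] = "stopped: " + msg
        elif msg.startswith("send to "):
            s["outcome"] = "sent: " + msg[8:]
        elif m := re.search(r"received a packet.* from (\w+)\.", msg):
            s["ingress"] = m.group(1)
        elif m := re.search(r"find a route: .* via (\S+)", msg):
            s["route_via"] = m.group(1)
        elif m := re.search(r"Allowed by Policy-(\d+)", msg):
            s["policy"] = m.group(1)
        elif m := re.search(r"enter IPSec interface-([^,\s]+)", msg):
            s["tunnel"] = m.group(1)
    return s

def triage(text):  # {trace_id: summary} for a whole capture
    return {tid: summarize_trace(msgs) for tid, msgs in parse_flow(text).items()}

def stalled_traces(text):  # packets that never reached "send to": the ones to read in full
    return sorted(tid for tid, s in triage(text).items() if not s["outcome"].startswith("sent"))
```

Feed it the output of `diag debug flow trace start` saved from the console; a tunnel that is "up" but black-holing traffic typically shows traces that enter the IPsec interface and never reach "send to".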
Hello @KMontgomery,
Please check if the Phase 1 and Phase 2 timers are matching on both sides of the tunnel.
You can also try recreating the tunnel to see if that helps with the issue.
Can you also share the rekey error that you see?
Also, did you perform any upgrade recently on the FortiGate?
Regards,
Varun