Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
davy003
New Contributor

Created on ‎02-12-2020 02:42 AM

Problem (LOG) with Fortigate 200E

Hi guys,

 

i already had S2S ipsec to a company that it was working , now i deleted these ipsec because we don't want to work together but i have still this log. why ?    

 

02-10-2020    11:43:20    User.Error      date=2020-02-10 time=11:43:20 devname="Fortigate 200E" devid="FG200ETK189120" logid="01010324" type="event" subtype="vpn" level="error" vd="root" eventtime=15813300 logdesc="IPsec phase 1 error" msg="IPsec phase 1 error" action="negotiate" remip=****** locip=****** remport=522 locport=522 outintf="wan1" cookies="c38065091/0000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="negotiate_error" reason="peer SA proposal not match local policy" peer_notif="NOT-APPLICABLE"

-------------------------------------------------------------------------------------------------------------------------------

02-11-2020    09:16:18    User.Error    date=2020-02-11 time=09:16:17 devname="Fortigate 200E"

devid="FG200ET20" logid="010108"  type="event" subtype="vpn" level="error" vd="root" eventtime=15814077 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=******* locip=****** remport=522 locport=522 outintf="wan1" cookies="018d8587b/0000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A"  status="failure" init="remote" mode="main" dir="inbound" stage=1 role="responder" result="ERROR"

 

Best Regard

 

 

4063
0 Kudos
1 REPLY 1
ede_pfau
SuperUser
SuperUser

Created on ‎02-12-2020 08:45 AM

It basically says there is an IPsec VPN connection attempt but the policy is missing. Most probably the other side still has it's VPN configuration in place and tries to reconnect. You can verify this by looking at the remote IP.

If it's not the other site, it's some rogue connection attempt. These are quite frequent and common nowadays. If it bothers you, you can write a local-in policy to block this host.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
3089
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.