I am having an issue with 2 FG60 units, FG60 and FG60B. Both are configured to have a permanent tunnel opened. The computers behind the FG60B need to have access to the domain located behind the FG60 on a permanent setup: Active Directory, mail server, Microsoft Office applications.
The tunnel seems to run fine until some point, 10:14am, when one of the 2 computers behind the FG60B loses connection to the domain network. If I try to open addresses located on the DC there is no response: "local device name already in use". I'm not able to ping the server for around 1 hour, then all is fine again. The 2nd computer runs fine all the time. They're both connected to the same devices, and changing the malfunctioning computer didn't help.
It has nothing to do with the 24h disconnect from the ISP; I've double checked and that's early in the morning, around 6am.
I'm sorry for my poor English :) But I really hope someone is able to help me. If more information is needed I will try to bring it in.
Did you check if the VPN on BOTH sides states to be up?
#diag sys tunn stat or GUI
Do you have DPD enabled? Sounds a bit like an asymmetric VPN black hole... where one side terminates the VPN, but the other side doesn't recognise this. So it waits until rekeying happens OR normally DPD kicks in (must be configured on both sides) and deletes the SA.
You can also enable IKE debugging on both sides to see what both FGTs are doing in terms of "VPN setup":
#diag debug ena
#diag debug app ike 3
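As an added illustration of the DPD point above (not from the reply or from Fortinet documentation for this thread), this is what a phase1 entry with DPD enabled looks like in FortiOS CLI syntax; the tunnel name, interface and peer address are assumed placeholders, and the `on-idle`/`retry` options assume a FortiOS 5.x or newer build (older FG60 firmware used `set dpd enable` instead). The matching entry on the other FortiGate must enable DPD as well, otherwise only one side will ever notice a dead peer.

```text
config vpn ipsec phase1-interface
    edit "to-fg60"                       # assumed tunnel name
        set interface "wan1"             # assumed WAN interface
        set remote-gw 203.0.113.10       # placeholder peer address
        set dpd on-idle                  # probe the peer when the tunnel is idle
        set dpd-retryinterval 5          # seconds between DPD probes
        set dpd-retrycount 3             # unanswered probes before the SA is torn down
        set psksecret <PSK-PLACEHOLDER>
    next
end
```

After the change, `diag vpn tunnel list` on both units should show the same SA lifetimes; if one side still lists an SA the other side has dropped, the black hole the reply describes is what you are seeing.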