Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jbrule
New Contributor

SYSLOG --- Overlay Controller VPN server communication error

Hello:

 

The following syslog is being generated a lot on my FGT-1000D, and I'd like to make it stop.  I'm not using Overlay Controller VPN's.  Can somebody shed some light on what I need to do, to stop the communication which is apparently generating these logs?

 

date=2020-04-24 time=15:33:13 devname="NPU-FGT1000D-FW1" devid="FGT1KDxxxxxxxxxx" logid="0101053103" type="event" subtype="vpn" level="error" vd="root" eventtime=1587756793216377234 tz="-0400" logdesc="Overlay Controller VPN server communication error" msg="Overlay Controller VPN communication error (Unregister)" status="failure"

 

This is a FGT-1000D - v6.4.0 build1579 (GA)

 

Thank you.

 

[style="background-color: #ffff00;"]Update 04/28/2020:[/style]

Case has been opened with support.  We'll see what they have to say.

OCVPN is disabled, yet the firewall is still trying to send some sort of registration messages.  A "diag vpn ocvpn log" will show you what I mean, if this is happening to you.

 

OCVPN disabled in CLI and GUI.

[left]XXX-FGT1000D-FW1 (ocvpn) # get [style="background-color: #ffff00;"]status              : disable[/style] role                : spoke multipath           : enable sdwan               : disable wan-interface       : "portA" overlays: auto-discovery      : disable poll-interval       : 30[/left]

 

 

4 REPLIES 4
SanZ
New Contributor

It sounds like there is a lot of information missing. it is hard to guess the right solution just from little info. However below are few links I would start with: 

 

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/496884/overlay-controller-vpn-ocvpn

 

https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-logging-reporting-54/config-log-adva...

Raffaele
New Contributor

Hi @jbrule

same situation here with fortigate 60e with latest firmware.

OCVPN disabled in CLI and GUI but produce a lot of notification .

u have some news?

 

jbrule

@Raffaele

Opened a case with support.  They kicked it up to developers.  Looks like a bug.

jbrule
New Contributor

Support provided the following workaround, and it does resolve the issue.  Root cause to be addressed in future release.

 

Enter the following commands:

 

config vpn ocvpn unset ha-alias end

Note: If you are running VDOMS, this should be run in each vdom.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors