Last week we deployed a few Fortigate F models (60F and 100F) to replace D models at a few of our branch sites. At each of these sites an HA pair was put in place.
Fortigate to Fortigate route based IPSec tunnels were established and at least 3 times now, we've gotten calls that the systems were down.
I dropped all Phase 2 on the tunnel and when it came back up the issue would be resolved, until the next time.
I verified the IPSec configurations match 100% on both sides, so I'm at a loss. Any suggestions?
Denny
You need to run "flow debug" at the remote FGT to see why the ping replies are dropped there. I think you have plenty of time to research how to run flow debug, even if you haven't done it before (some documents, blogs, etc. are available), before it happens next time.
Just wondering how you saw this? With the regular FortiGate diagnose sniffer you only see traffic entering the VPN tunnel in this case, I believe; the next place you would see something is on the local firewall.
diagnose debug flow is worth a try, although I wonder if it will notice this if the traffic does enter the tunnel fine.
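As an added example (not from Denny or either reply above), this is the FortiOS CLI sequence a defender would run on the remote FortiGate to follow the advice in both replies: check the SAs and return route, sniff with interface names, then trace the forwarding decision for one host. `BRANCH-VPN` is an assumed phase1 name and `10.20.0.50` an assumed host on the far-side LAN.

```text
# --- On the REMOTE FortiGate (the side where the ping replies disappear) ---

# 1. Confirm IKE and the phase2 SAs are really up before chasing a policy drop.
diagnose vpn ike gateway list name BRANCH-VPN
diagnose vpn tunnel list name BRANCH-VPN

# 2. Confirm the return route to the far-side subnet points at the tunnel
#    interface and not at the WAN; an HA failover that leaves a stale route
#    here shows up as a reverse-path drop in step 4.
get router info routing-table all

# 3. Sniff echo and reply with interface names (verbosity 4, 10 packets,
#    local timestamps) so you can see whether the reply ever heads back
#    toward the tunnel interface.
diagnose sniffer packet any 'host 10.20.0.50 and icmp' 4 10 l

# 4. Trace the forwarding decision for that host only (proto 1 = ICMP).
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 10.20.0.50
diagnose debug flow filter proto 1
diagnose debug flow show function-name enable
diagnose debug flow show iprope enable
diagnose debug console timestamp enable
diagnose debug flow trace start 10
diagnose debug enable

# ... have the far side repeat the ping now, then stop the trace ...

diagnose debug disable
diagnose debug reset
```

In the trace output, a line ending in "reverse path check fail, drop" points at the routing table from step 2, while "iprope_in_check() check failed on policy 0, drop" or a denied forward policy check points at a policy that does not match the tunnel interface after failover.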
Copyright 2024 Fortinet, Inc. All Rights Reserved.