After updating the firmware to versions 7.4.2 and 7.4.3, we had instability problems with site-to-site VPNs.
Is anyone else experiencing this problem?
This issue is only affecting one model 100F appliance that we have at our customer.
We updated to version 7.4.2 and the VPNs started to become unstable, and because of this we chose to roll back and wait for the correction.
We updated to the latest version, which is 7.4.3, and the appliance presented the same problem again.
In version 7.4.1 the appliance operates normally and the VPNs are not unstable.
Hi,
Can you run the following commands during the issue:
SSH1:
diag sniffer packet any 'host x.x.x.x and icmp' 4 0 l <---- x.x.x.x host on the other side of the tunnel
SSH2:
diagnose vpn ike log-filter dst-addr4 <Remote_Peer_IP>
diagnose debug application ike -1
diagnose debug console timestamp enable
diagnose debug enable
diag deb disable ---- to stop the debug
SSH3:
diagnose vpn tunnel list name name_of_the_tunnel
diagnose vpn ike gateway list name name_of_the_tunnel
Regards.
Hi @ffranca,
It has been discussed here: https://community.fortinet.com/t5/Support-Forum/FortiOS-7-4-2-Bug-Causes-IPsec-VPN-Tunnel-Phase-2-In...
Regards,
Thank you very much!
I followed the reports and will wait for version 7.4.4 for correction.
Thanks!
Hello,
As a solution for the time being you can disable npu offloading under phase1 configuration:
config vpn ipsec phase1-interface
edit phase-1-name
set npu-offload disable
end
Copyright 2024 Fortinet, Inc. All Rights Reserved.