- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiAP
- FortiClient
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiExtender
- FortiEDR
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiProxy
- FortiPortal
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- The VPN tunnel goes down
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 01-16-2011 04:46 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The VPN tunnel goes down
I have a FortiGate 50B firmware 3.00-b0730 (MR7 Patch 1) with 10 VPN IPSec fully functional (to Cisco devices, jupiter etc.) of my clients, I migrated the VPN to a FortiGate 200B firmware v4.0, build0303, 101214 (MR2 Patch 3) with the same configuration, but i found numerous problems with some device vpn for example with a Cisco ASA 5520 with software release 8.2 (2).
At first, the tunnel is established perfectly, but after a some hours, the tunnel goes down and I have to reset the tunnel.
Why? What has changed from version 3.00-b0730 (MR7 Patch 1) the fully functional version v4.0, build0303, 101,214 of the FortiGate?
thanks
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A couple of questions regarding the new unit:
1) Did you migrate the tunnels over from scratch?
2) Did you copy the config with the tunnels then upgradethe 200B?
3) Did you cut/paste the tunnels into the CLI?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I did not do copy and paste, I got the new device I upgraded the firmware and then I typed the commands to create the vpn.(with the same parameters).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ FraArm: In the phase 2 definition for the tunnel, try adding: set auto-negotiate enableThis solved my problem, thanks.
Not applicable
Created on 01-25-2011 05:13 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seems like we have the same issue with our FG1240B, 4.0 MR1 build 5135. If no traffic is flowing in the tunnel, it goes down and we have to manually bring up the tunnel again.
to rwpatterson :
1. No.
2. Yes.
3. We did cut and paste the tunnels via CLI.
Thanks in advance
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello.
I opened a ticket to the FortiGate service center (Type P3), but they do not respond from a week. For me it' s a bug in the new version, ... You know how I can open a complaint in the Headquarter? there Is anyone of the development team of FortiGate in this forum? Help me!!!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ FraArm:
In the phase 2 definition for the tunnel, try adding:
set auto-negotiate enable@rhetsky Please start a new post.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
thanks for the answer, but Is already set :-(
I explained to the FortiGate technician in the ticket, wich the same configuration with the 3 version of the firmware work well.
WHY???
I tried with many configurations but with no result. the technician was connected to my device but nothing...
Are 7 days wich the " technical of fortigate " don' t answer me....How is possible?
I have a disservice from 15 days, and in my company all manager complain with me!!
I think which the FortiGate devices are very professional and of good quality, but the assistance is very poor (in Europe)!
I hope someone of fortigate, do me answer....
I am exhausted!!! [:' (]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
just as a suggestion: if the FG200B is in production environment and management is pressing you, why not downgrade to 3.00MR7 patch 10 (latest) and have it working? You stated that with 3.00 MR7 you had no problems.
You could even put the 50B back into operation and solve the issue in the lab.
One more hint: we had massive problems after upgrading from 4.1.2 to 4.1.6 in that the VPNs came up but failed repeatingly. They couldn' t stay up for more than minutes. It turned out that the firmware version activated IPSec offloading to the NPs. As your 50B doesn' t have NPs but the 200B does, it might be that offloading causes your troubles. There are CLI commands to disable offloading which might be worth trying (conf system npu). Fortinet TAC should be able to help you in this direction.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello ede_pfau,
I can not downgrade because the FortiGate 50B only supports 20 tunnels.
I do not complain to the problem with the vpn, because the problems in this work are ordinary but for the assistance.
They could not tell me that there are problems and are solving them, rather than
bounce the problems?
I pay a regular service, and i do not accept that support will not answer me for 1 week otherwise why I must pay the service?
Thanks for your reply, after I try to apply your suggestion, and I' ll let you know.
Related Posts
- "Config routing table failed" 2 Views
- FortiClient EMS (trial): SSL VPN stopped... 44 Views
- ADVPN with Multi-WAN Without SDWAN 51 Views
- FortiGate with FEX101 IPSec Tunnel flaps 259 Views
- VPN IPSec with SAP 288 Views
Labels
-
fortigate
6,986 -
FortiClient
1,375 -
5.2
801 -
5.4
639 -
FortiManager
607 -
FortiAnalyzer
440 -
6.0
416 -
FortiAP
365 -
5.6
362 -
FortiSwitch
361 -
FortiClient EMS
285 -
FortiMail
271 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
170 -
6.4
128 -
FortiNAC
123 -
FortiGuard
111 -
IPsec
102 -
FortiGateCloud
92 -
SSL-VPN
92 -
FortiSIEM
91 -
FortiCloud Products
86 -
FortiToken
76 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
SD-WAN
43 -
Fortivoice
43 -
FortiEDR
42 -
FortiDNS
37 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
FortiAuthenticator
29 -
High Availability
28 -
VLAN
27 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
DNS
21 -
FortiConverter
21 -
FortiGate v5.2
19 -
SAML
18 -
BGP
18 -
FortiPortal
18 -
Certificate
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
16 -
FortiMonitor
14 -
Authentication
14 -
FortiLink
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
RADIUS
11 -
NAT
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Fortigate Cloud
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Application control
9 -
Web profile
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
IPS signature
5 -
Packet capture
5 -
Proxy policy
5 -
FortiAP profile
5 -
Automation
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
Web rating
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
FortiDB
3 -
Intrusion prevention
3 -
Protocol option
2 -
FortiInsight
2 -
NAC policy
2 -
System settings
2 -
Users
2 -
FortiAI
2 -
VoIP profile
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
4.0MR1
1 -
TACACS
1 -
Subscription Renewal Policy
1 -
Replacement messages
1 -
FortiCWP
1 -
FortiNDR
1 -
Schedule
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP sensor
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1016 | |
| 841 | |
| 493 | |
| 440 | |
| 144 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.