Hi,
I have set up an IPSec VPN connection using the wizard on my 90E firewall. I checked the settings and all seems to be valid. Now the problem is that whenever I connect from the Fortinet client with the DPD option checked, the connection gets established and then immediately drops. If I go back and remove the check on the DPD, everything works fine!
Now some may say that I have a bad line or the connection line has noise or something, but the same connection was working on a Juniper firewall with no problem and the line is crystal clean.
Any thoughts on this? Also, is it OK to disable the DPD in terms of security? Or what are the implications of turning it off?
Thanks
DPD verification sends encrypted IKE Phase 1 notification payloads (R-U-THERE messages) to a peer and waits for DPD acknowledgements (R-U-THERE-ACK messages) from the second site. Those messages are sent if it has not received any traffic during a DPD interval.
If the device does not receive a DPD message during the interval, it considers the peer dead and then removes the Phase 1 security association (SA) and all Phase 2 SAs.
Check time synchronization/settings on the FG and FortiClient.
Maybe disabling DPD is not best practice, but I think you can run your VPNs without the DPD check and it will not be an issue.
Dominik Weglarz, IT System Engineer
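
The DPD behaviour described in the reply above, as an added example that is not part of the original thread and is not Fortinet code: a small Python model of one side's idle timer and R-U-THERE probing. The retry count, the parameter names and values, and the inbound packet timelines are assumptions constructed for illustration.

```python
DEAD = "peer dead: delete Phase 1 SA and all Phase 2 SAs"


def simulate_dpd(inbound, idle_interval=10, retry_interval=5,
                 max_retries=3, until=60):
    """Model one side's DPD logic in one-second steps.

    inbound: {second: "data" | "ack"}, packets received from the peer
             (constructed sample input, not a capture).
    The timer names and the retry count are assumed parameters.
    Returns a list of (second, event) tuples.
    """
    log = []
    last_heard = 0      # last second at which the peer proved it is alive
    unanswered = 0      # R-U-THERE probes sent without an ACK so far
    next_probe = None   # second at which the next probe is due, if probing
    for now in range(1, until + 1):
        pkt = inbound.get(now)
        if pkt in ("data", "ack"):
            # Tunnel traffic or an R-U-THERE-ACK both prove liveness,
            # so the idle timer and the probe counter start over.
            last_heard, unanswered, next_probe = now, 0, None
            if pkt == "ack":
                log.append((now, "R-U-THERE-ACK received"))
            continue
        if next_probe is None and now - last_heard >= idle_interval:
            next_probe = now        # nothing heard for a full interval
        if next_probe == now:
            if unanswered == max_retries:
                log.append((now, DEAD))
                return log
            unanswered += 1
            log.append((now, f"send R-U-THERE #{unanswered}"))
            next_probe = now + retry_interval
    return log


if __name__ == "__main__":
    scenarios = {
        "peer never answers": {},
        "peer answers each probe": {11: "ack", 22: "ack"},
        "steady tunnel traffic": {t: "data" for t in range(5, 61, 5)},
    }
    for name, inbound in scenarios.items():
        print(name)
        for second, event in simulate_dpd(inbound, until=30):
            print(f"  t={second:>2}s  {event}")
```

In this model a peer that stays silent is declared dead at `idle_interval + max_retries * retry_interval` seconds, while a tunnel that carries regular traffic never sends a probe at all.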