I have a FortiGate 100E. I was looking at the VPN log and saw some odd entries:
date=2022-08-24 time=15:31:23 eventtime=1661380284231585110 tz="-0700" logid="0101040019" type="event" subtype="vpn" level="information" vd="root" logdesc="L2TP client disconnected" action="disconnect" status="success" msg="Client 154.89.5.116 control connection (id 1) finished"
There are a bunch of entries that show this "disconnect", but there are no messages saying there is a connection, such as "Action=Connect" or "msg=..Started".
Has anyone seen this before? Does anyone know what this means (in the big picture)? Am I in danger?
Hi 6sITdept,
May I know the device firmware version?
Were there any config changes made recently?
Hi, we are on 7.0.3. Nothing done internal to externally. Internally, we updated our LDAP servers.
Any thoughts? Listed my firmware as 7.0.3.
Got another one:
(absolute time): 2022/09/02 09:30:19
Client 223.71.167.166 control connection (id 1) finished
Abuse IP says that this IP comes from China.
Hello 6sITdept,
Can you check whether L2TP is enabled on the firewall, and also confirm whether you are using L2TP in your network?
show vpn l2tp
show full | grep -f l2tp
Created on 09-06-2022 10:27 AM Edited on 09-06-2022 11:56 AM
Hi vshau, executing "show vpn l2tp" does show "set status enable".
Executing the 2nd command "show full | grep -f l2tp" has a huge long list of commands that show how the firewall is set up. I am not going to post that here unless you need a certain section that I can sanitize.
We are using FortiClient for VPN and using IPsec. I'm reading more, but that does not sound like L2TP. Is that correct?
Hope that helps.
Hello 6sITdept,
If you're not using L2TP in your network, then I'd suggest disabling L2TP; it will resolve your issue:
config vpn l2tp
set status disable
end
To check, you can use the commands below:
diagnose debug enable
diagnose vpn l2tp status
diagnose vpn l2tp tunnel
You can go through the docs below to learn more about L2TP:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/539712/configuring-l2tp-vpns
https://docs.fortinet.com/document/fortigate/6.2.11/cookbook/386346/l2tp-over-ipsec
I disabled the L2TP and then tried my current VPN access. Everything is working. It appears that disabling L2TP does not affect my current VPN. Thank you for your advice.
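Added example, not part of the original thread or Fortinet's own tooling: a small parser for the key=value event format quoted in the first post that counts L2TP events per client IP and lists addresses that only ever log a disconnect. Only the first sample line comes from the thread; the other lines, the 198.51.100.7 address and the "connect" field values are constructed assumptions.

```python
import re
from collections import defaultdict

# Line 1 is the entry quoted in the thread; the remaining lines are constructed
# samples (documentation IP, hypothetical "connect" field values).
SAMPLE_LOG = '''\
date=2022-08-24 time=15:31:23 eventtime=1661380284231585110 tz="-0700" logid="0101040019" type="event" subtype="vpn" level="information" vd="root" logdesc="L2TP client disconnected" action="disconnect" status="success" msg="Client 154.89.5.116 control connection (id 1) finished"
date=2022-08-24 time=16:02:10 type="event" subtype="vpn" logdesc="L2TP client disconnected" action="disconnect" status="success" msg="Client 154.89.5.116 control connection (id 1) finished"
date=2022-08-24 time=16:05:00 type="event" subtype="vpn" logdesc="L2TP client connected" action="connect" status="success" msg="Client 198.51.100.7 control connection (id 2) started"
date=2022-08-24 time=16:09:41 type="event" subtype="vpn" logdesc="L2TP client disconnected" action="disconnect" status="success" msg="Client 198.51.100.7 control connection (id 2) finished"
date=2022-08-24 time=16:10:00 type="event" subtype="system" logdesc="Admin login" action="login" msg="constructed non-VPN line"
'''

# key=value pairs; values are either double-quoted or a bare token
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
CLIENT = re.compile(r'Client (\d{1,3}(?:\.\d{1,3}){3})')

def parse_line(line):
    """Split one event line into a dict of its key=value fields."""
    return {key: quoted if quoted else bare for key, quoted, bare in KV.findall(line)}

def l2tp_summary(lines):
    """Count L2TP VPN events per client IP, broken down by action."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        fields = parse_line(line)
        if fields.get("subtype") != "vpn" or "L2TP" not in fields.get("logdesc", ""):
            continue  # skip blank lines and non-L2TP events
        match = CLIENT.search(fields.get("msg", ""))
        if match:
            seen[match.group(1)][fields.get("action", "unknown")] += 1
    return {ip: dict(actions) for ip, actions in seen.items()}

def disconnect_only(summary):
    """Client IPs that logged a disconnect but never a connect."""
    return sorted(ip for ip, actions in summary.items()
                  if "disconnect" in actions and "connect" not in actions)

if __name__ == "__main__":
    summary = l2tp_summary(SAMPLE_LOG.splitlines())
    for ip, actions in summary.items():
        print(ip, actions)
    print("disconnect without connect:", disconnect_only(summary))
```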