Hi @crti , welcome to the community.
Please find more info about that log at: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Explanation-of-Unknown-SPI-message-in-Even...
Hello,
SPI is a value that is sent with every ESP packet, and is used as a means of matching incoming ESP packets to the correct IPsec tunnel on the VPN endpoint.
Enabling DPD on both ends of the VPN can help in scenarios where one of the VPN endpoints temporarily disappears.
To enable Dead Peer Detection
1) Go to VPN -> IPSec Tunnels and select the VPN Tunnel to edit.
2) Select Edit for the Network settings.
3) Set Dead Peer Detection to either On Idle or On Demand.
4) Select OK.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.