Hi community,
We have configured a site-to-site VPN between FTD and FGT. The VPN is up and works, but suddenly after a few days traffic stops from one side even though the VPN is still up, as shown in the screenshot.
The only way to fix is to delete all the configuration from FGT and FTD and reconfigure again.
I would appreciate any kind of help to fix this.
I tried to upgrade FTD and FGT, but no, the problem is the same.
Hi @bledian,
You can try disabling npu-offload and see if it helps. https://docs.fortinet.com/document/fortigate/7.4.4/hardware-acceleration/636026/disabling-np-offload...
Regards,
Hi @bledian,
Instead of recreating the tunnels, have you tried just flushing them on the FortiGate side?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-flush-a-VPN-tunnel/ta-p/196631
Try to check if there are differences in the key lifetime for both phase1 and phase2.
While the issue is happening, it is best to do some debugs to understand more about what is happening.
CLI session 1 :
diag vpn ike log-filter dst-addr4 x.x.x.x   (where x.x.x.x is the remote gateway IP)
diag debug app ike -1
diag debug enable
Then open new CLI sessions with the sniffer and debug flow commands and do a test simulation by pinging from source to destination.
CLI session 2 :
diag sniff packet any 'host <source IP> and host <destination IP> and icmp' 4 0 l
CLI session 3 :
diag debug flow filter saddr <source IP>
diag debug flow filter daddr <dest IP>
diag debug flow filter proto 1
diag debug enable
diag debug flow trace start 100
Regards,
Copyright 2024 Fortinet, Inc. All Rights Reserved.