Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- Lacework
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- VPN not working after update firmware
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 03-07-2007 07:25 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VPN not working after update firmware
After I update firmware my VPN not working, following is my scenario
FGT 100A 3.0 build 0477 operation mode NAT
FGT 50A 3.0 build 0406 operation mode Transparent
VPN connecting from FGT 50A to FGT 100A
Is it need any config. changes
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which one(s) did you update, and from what release(s)?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
both FGT updated from factory default to 2.8 MR11 then 3.0
Not applicable
Created on 03-07-2007 12:26 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sabuthomas,
Please read the release notes on MR4.
Regards, Eric
Not applicable
Created on 03-13-2007 02:46 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi....
I' v been doing this too and the VPN wouldn' t work, maybe you should configure it from the scratch....by the way i also got problem with protection profiles and they don' t work too. I think it always problem if we upgraded from v2.8 MR11 to v3.0. I do not know why? Maybe others can give an answer?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My remote peer getting following error,
Negotiate SA Error: No matching gateway for new phase 1 request
My remote FGT config as follows
Operation Mode: NAT
Firmware Fortigate-100A 3.00,build0477,070126
My other end FGT config as follows
Operation Mode Transparent
Firmware Fortigate-50A 3.00,build0400
If I downgrade to 2.8 MR11 on FGT100A then my VPN is working fine.
Anybody have any such experiance please help me
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a question. Have you tried MR3 patch 6 on the 100A? Im curious if it is an MR4 thing, or a non MR2 issue. Fortinet rewrote the IPSec section of their firmware between 2.8 and 3.0.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did not tried in MR3, 100A is on MR4
When I downgrading to 2.8 MR11 then it is working fine, eventhough my 50A on 3.00 build 400
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sabuthomas,
I had the same problem when I upgraded a 50A to version 3 firmware from 2.8.
The problem I had was caused by the 50A sending out IPSEC packets using the source IP of a secondary IP address and not the primary IP of the main interface.
I verified this by using debug commands in the cli.
diagnose debug application ike 3
diagnose debug enable
You can see the IPSEC Phase1 initial request coming into the firewall from the remote end and the source IP was different to the one it was supposed to use.
This might not be your problem however and I would agree with ATA and delete the entire vpn config and start again which will most likely work.
Cheers
Paul
NSE4
NSE4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A very strange thing which I found is that, as per my following scenario
Main Office FGT100A NAT Mode
Branch office FGT50A Tranparent Mode Ver 3.00 build 400
My VPN will work fine if I downgrade my main office to 2.8 MR11 without changing any configuration in VPN in both end
But when I upgrade my main office to 3.0 MR4 then my VPN failed and I received error massage “Negotiate SA Error: No matching gateway for new phase 1 request.†In my main office FGT and no error message in my branch office FGT
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- HA problem in 121 G firewall... 81 Views
- FortiSwitch - MCLAG Firmware Update/Mismatch 96 Views
- What is the correct process to... 226 Views
- SSLVPN not routing correctly for SSL... 297 Views
- planning to move away from using... 135 Views
Labels
-
FortiGate
7,765 -
FortiClient
1,549 -
5.2
801 -
FortiManager
657 -
5.4
639 -
FortiAnalyzer
500 -
6.0
416 -
FortiAP
404 -
FortiSwitch
402 -
5.6
362 -
FortiClient EMS
345 -
FortiMail
294 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
185 -
SSL-VPN
155 -
FortiNAC
151 -
IPsec
139 -
6.4
128 -
FortiGuard
124 -
FortiGateCloud
98 -
FortiCloud Products
93 -
FortiSIEM
92 -
FortiToken
84 -
SD-WAN
78 -
Customer Service
73 -
Wireless Controller
71 -
4.0MR3
64 -
FortiAuthenticator
54 -
FortiProxy
52 -
Firewall policy
51 -
FortiEDR
49 -
FortiADC
49 -
Fortivoice
46 -
FortiDNS
41 -
High Availability
40 -
VLAN
39 -
FortiSandbox
38 -
FortiExtender
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
33 -
LDAP
33 -
ZTNA
33 -
DNS
31 -
Routing
29 -
BGP
28 -
Interface
27 -
SAML
26 -
NAT
26 -
Certificate
26 -
FortiConnect
25 -
FortiWAN
24 -
FortiGate v5.2
23 -
RADIUS
23 -
Authentication
23 -
FortiConverter
22 -
SSO
22 -
VDOM
20 -
FortiLink
20 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Virtual IP
17 -
Web profile
17 -
Logging
16 -
FortiMonitor
16 -
Traffic shaping
16 -
FortiDDoS
15 -
Application control
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
SSL SSH inspection
14 -
FortiCASB
12 -
OSPF
12 -
FortiManager v5.0
11 -
Static route
11 -
IP address management - IPAM
11 -
FortiRecorder
10 -
SNMP
10 -
SSID
10 -
Admin
10 -
WAN optimization
10 -
4.0MR2
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
FortiPAM
9 -
FortiAP profile
9 -
Web application firewall profile
9 -
FortiGate v4.0 MR3
8 -
FortiManager v4.0
8 -
FortiBridge
8 -
Automation
8 -
System settings
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
RMA Information and Announcements
7 -
Traffic shaping policy
7 -
Proxy policy
7 -
FortiCache
6 -
trunk
6 -
Packet capture
6 -
IPS signature
6 -
Security profile
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
DNS filter
5 -
Users
5 -
Port policy
5 -
3.6
4 -
FortiDeceptor
4 -
FortiToken Cloud
4 -
FortiScan
4 -
FortiDirector
4 -
FortiTester
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
DLP sensor
4 -
Email filter profile
4 -
Fabric connector
4 -
Web rating
4 -
Fortinet Engage Partner Program
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Netflow
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
FortiNDR
2 -
Internet service database
2 -
Application signature
2 -
Protocol option
2 -
Replacement messages
2 -
Schedule
2 -
Service
2 -
VoIP profile
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
API
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
Authentication rule and scheme
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.