Hi,
I work in Geneva, and we have some issues with the IPsec VPN between FortiGates. The VPNs work fine, and sometimes they stop working even though they are still up. We found that this happens a lot with Swisscom lines.
The VPN is up, the routes are OK, but nothing goes through the VPN. No traffic arrives at the destination. We reboot the ISP router and it works again, or we shut the VPN and turn it back on (by changing the remote IP on the IPsec, and putting back the good one) and then it works again.
Are you aware of this kind of problem? Does it come from the ISP? Is there any way to avoid that?
Thanks
Hi,
The issue which you are facing could be from the ISP as well since it starts working after rebooting the ISP router.
You may take a sniffer output and see if the traffic is going out from the firewall while you are facing the issue.
If it's going out and not reaching the other end and lost in between, you might then need to check with the ISP.
diag sniffer packet any 'host x.x.x.x and host y.y.y.y and icmp' 4 0 a
x.x.x.x would be your source IP and y.y.y.y would be your destination IP.
Initiate a ping to the remote end now and see if the packets are leaving the FGT.
BR,
Manosh
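Added example (not part of the thread and not Fortinet code): a Python script that reads the text saved from the sniffer command above and reports whether the echo requests left the FortiGate and whether any reply came back. The line format matched by the regex, the interface names and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape for verbosity 4 with absolute timestamps ("a"):
#   <date> <time> <interface> <in|out> <src> -> <dst>: icmp: echo request|reply
LINE = re.compile(
    r"^\S+ \S+ (?P<ifc>\S+) (?P<dir>in|out) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+): icmp: echo (?P<kind>request|reply)"
)

def tally(capture, src, dst):
    """Count echo requests src->dst and replies dst->src per (interface, direction)."""
    req, rep = Counter(), Counter()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # sniffer header lines or unrelated traffic
        key = (m["ifc"], m["dir"])
        if m["kind"] == "request" and (m["src"], m["dst"]) == (src, dst):
            req[key] += 1
        elif m["kind"] == "reply" and (m["src"], m["dst"]) == (dst, src):
            rep[key] += 1
    return req, rep

def verdict(capture, src, dst):
    """Classify the capture the way the post reads it by eye."""
    req, rep = tally(capture, src, dst)
    if not req:
        return "no-requests-captured"
    if not any(d == "out" for (_, d) in req):
        return "not-leaving-firewall"      # look at routing/policy on the FortiGate
    if not any(d == "in" for (_, d) in rep):
        return "leaving-but-no-reply"      # lost after the firewall sent it
    return "replies-received"

# Constructed sample: requests go out on a hypothetical tunnel interface, no replies.
SAMPLE_STALLED = """\
interfaces=[any]
filters=[host 10.1.1.10 and host 10.2.2.20 and icmp]
2024-01-15 09:30:01.100000 internal in 10.1.1.10 -> 10.2.2.20: icmp: echo request
2024-01-15 09:30:01.100200 vpn-site-b out 10.1.1.10 -> 10.2.2.20: icmp: echo request
2024-01-15 09:30:02.100100 internal in 10.1.1.10 -> 10.2.2.20: icmp: echo request
2024-01-15 09:30:02.100300 vpn-site-b out 10.1.1.10 -> 10.2.2.20: icmp: echo request
"""

if __name__ == "__main__":
    print(verdict(SAMPLE_STALLED, "10.1.1.10", "10.2.2.20"))
```

Running the same capture on the remote FortiGate at the same time shows whether the requests arrive there, which separates loss on the path from a problem at the far end.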
Hi seiji9,
Please let us know if the issue you encounter is frequent and if it happens at any specific time of day.
Also, please let us know the FortiGate device model and firmware you are using on the FortiGate.
Regards,
Parteek
Hello
Yes, we have the same problem with Swisscom.
What you can try is to set up a NAT; with that I could partly fix this problem as a workaround.
Otherwise only a reboot of the ISP router helps.
No help has come from Swisscom yet.
Hello, I had the same problem.
The VPN stopped passing traffic, but we didn't reboot the ISP device; after waiting some time, the VPN was passing traffic again.
I created many tickets, and this now seems to be solved. The last thing I did, and what seems to have solved the issue, was disabling hardware acceleration on the VPN phase 1 interface:
-------------------------------------------
config vpn ipsec phase1-interface
    edit "Phase1_Interface_name"
        set npu-offload disable
end
-------------------------------------------
I have a 60F.
Regards!
Damián