I have the following situation:
In my datacenter, I have a pfSense set up that is connected to 7 FortiGate firewalls (30D - v5.6.8 build 1672 (GA)).
My issue is the following:
One of them is very unstable (it will rarely connect, and when it does, it works but goes disconnected again for 30 minutes).
The unstable one, however, is connected to another FortiGate that doesn't have the problem.
My setup is the following:
Fortigate 30D (wan ip 192.168.1.33) <-> (Full port forward) ISP Modem ----- INTERNET ----- MAIN FIREWALL -- PFSense
NAT-T is forced between the 2 sites.
My pfSense is trying to send packets to my FortiGate:
sending packet: from PUBLIC_WAN_IP_PFSENSE[500] to PUBLIC_WAN_IP_FORTIGATE[500] (360 bytes)
The only strange thing I noticed on my pfSense is that it sends packets on port 500 (and not 4500 like all of the others).
My FortiGate keeps sending IKE keep-alives and NAT keep-alive 5 (from its private WAN IP to my public WAN IP of the pfSense) without success.
When I try to bring it up on my FortiGate (phase 1), I see that the latest message is 'SENT IKE MSG (p2_RETRANSMIT):' (from its private WAN IP:4500 to my public WAN IP of pfSense:4500)
Could this port mismatch be the cause of my unstable VPN?