Hi, we are having a strange VPN problem with one IPSEC tunnel of a remote
site. All other sites work fine. But this 200F sometimes loses VPN
connectivity directly after a scheduled FortiGuard update. This can be
seen in the site's eventlog, where the ...
Hi, after updating to v6.2.11 some connections via the explicit proxy
failed, the error was "504 Gateway Timeout". In my case the explicit
proxy used a different source IP for connections over a VPN. This failed
because the new source IP was not part o...
Hi, the Fortigate has the vip type "server-load-balance" for a while and
some features e.g. https offloading and cookie persistence looked
promising, but there was a bug in the cookie handling that spoiled it
all. Since FOS 6.4 this is fixed and we use th...
Hi, we see strange tunnel-stats of remote access VPNs that might point to
an issue. There are some complaints coming from users about stale
tunnels, but because of the current situation there is too much
happening at the same time to correlate things....
Hello forum, we have a box with many VPN tunnels, but one is giving me a
headache. I like to do a long term debugging, because FortiAnalyzer has
not the necessary details like dpd messages. My best method currently is
to run a "screen" session with ou...
Hi @hbac, the central SNMP monitoring has a gap during that time, because
it needs the tunnel to poll data, so I need to improvise here.
- The local eventlog writes perfmon data every 5 minutes; all with "CPU: 0".
- The "Memory"-widget shows data of the...
Hi @Rathan_FTNT, no, the different handling of the outgoing IP must be a
new feature/bug in v6.2.11. We updated from v6.2.10 where everything was
fine. Regards, Dirk
Hi @jintrah_FTNT, I just reenabled the option to reproduce the bug. Of
course in production you have it ON or OFF, but if you have it ON, the
SNAT-Pool will not work. Regards, Dirk
Hi @jintrah_FTNT, my box has FOS6.4.9. If I turn on http-multiplex for
a VIP, the SNAT-Pool is ignored and the interface VIP is used to connect
to the real server. If I turn it off (and wait for sessions to time out)
SNAT works again. Just ran a tcpd...
Hello @jintrah_FTNT, OK, to put it more clearly: there is no column for
VIP, so you cannot filter on it. It is possible to check every log
line's details to find the VIP. But it is not the same as with FAZ,
where you can see the VIP as a column and ...