This could be caused by payload fragmentation. If traffic is TCP, try
manipulating the TCP-MSS on the firewall policy that matches this traffic.
Do this on both sides of the tunnel.
# config firewall policy
edit
tcp-mss-sender
tcp-mss-receiver
I usually te...
I believe you cannot use that "simple" design with termination directly
to Azure VPN. The Fortigate removes routes for down tunnels and can then
send traffic through the tunnel that is still up. The command "monitor" in VPN
is used to keep the second tunnel down...
Hi. That company's IPSec setting may be missing "nat traversal" configuration?
Then you cannot be behind a NAT:ed firewall. Less likely, you have
some config in your fw that blocks IPSec. Check with a packet capture on
the outside interface if you get a response...
Hi. Looks like the Fortiswitch has LACP "active" and in the Nexus it is
"passive". Try changing the Nexus ports to "channel group .. mode on". Why do
you use two port-channels between the switches? With this setup one of
the connections will be STP blocked (on VLAN...