Some of my FortiGate devices are showing two IPSEC tunnels to the same
remote-gateway. The tunnels show up with the names NAME_0 and NAME_1.
This causes ping to fail because ICMP will come in through NAME_0 and
then the ICMP response is dropped due t...

I'm getting inconsistent test results for a batch of FortiGate devices.
After a few days the FortiGate loopback IP stops responding to pings.
The flow shows "reverse path check fail, drop". No configuration changes
are made and the FortiGate is reboo...

Is there a way to see why a FortiGate will not send an ICMP
response? I have a batch of FortiGate 80Es with the same configuration
template. Some of the FortiGates will stop responding to ping responses
back to the switch (connected to a 20...

Thank you for the reply. Great advice about keeping the name short.
Thankfully, this is not an issue. I'm not using dial up VPN and I don't
see any good reason why I would want concurrent connections or split
tunneling. It seems I have an unintended ...

Looks good:
- net-device enable on spoke, disable on HUB
- add-route disable

Potential Issue:
- tunnel-search next-hop on spokes (if you are on 6.4 and lower) << 'set tunnel-search nexthop' is on the hub, not the spoke (firmware is 6.4.5).
- ibgp-multipa...

Thanks for the reply Adrian. This is an ADVPN setup, but I am still
trying to understand the tunnel configuration. If I use 'diag vpn ike
gateway clear name NAME_1', then the pings start working. I can also see
the routing table and the ipsec tunnel ...