Description This article describes an issue where a FortiClient IKEv2
remote-access connection fails on the first authentication attempt with
the error 'No SA proposal chosen' but establishes successfully on the
second attempt. This behavior typicall...
Description This article describes how to configure Certificate
Revocation List (CRL) checks for dial-up IPsec VPN users authenticated
with certificates on a FortiGate. Both file-based CRL import and online
CRL updating methods are covered. In this s...
Description This article describes an issue where FortiClient does not
forward traffic to the FortiGate over an IKEv2 IPsec tunnel when both
Phase 1 and Phase 2 are configured with the AES256-SHA512 proposal. The
behavior has been observed following ...
Description This article describes the FortiGate-side changes that
commonly restore missing SD-WAN information in FortiAnalyzer's FortiView
SD-WAN widgets. Scope FortiGate, FortiAnalyzer. Solution Even if
FortiAnalyzer successfully receives SD-WAN lo...
Description This article describes a specific scenario where, due to an
HA split-brain scenario, an IPsec tunnel flaps and repeated rekey/ESP
SPI mismatches are noticed. Scope FortiGate HA. Solution If repeated
Received ESP packets with unknown SPI e...
