Hi All, I config FGT1500D on HA mode, it's still standalone mode and
then HA mode we change to cluster, the unit cannot be accessed or pinged
again at the IP address of the device, and when we change HA mode back to
standalone, it can be pinged again or accessed...

Dear Scao/Scapraro, we configured an IPsec VPN site to site between a
FortiGate 200D and a WatchGuard; the phase1 and phase2 parameters are the
same on both of them. Ping from the FGT to the public IP of the remote site
is OK, but the tunnel is still not up, so we do diagnose debug ena...

Dear Scao/Scapraro, we currently need to generate a report log of
FortiGate VPN authentication, but when viewed in the FortiAnalyzer log
the authentication status is "Logout" only, with no log for the "Login", so
we do not know how long the user connect to ...

We already set NAT Traversal to Disable, but the condition is still the
same. Based on the VPN event log, it never gets up to phase2, only succeeds
at phase1, please see attached

Hi, Nils, the result of the packet sniff is as below:
FG200D3916800121 (root) # diag sniffer packet port4 'host 117.54.227.92 and port 500'
interfaces=[port4]
filters=[host 117.54.227.92 and port 500]
3.685968 117.54.227.92.500 -> 119.252.165.90.500: udp 1367.6888...

It's my config on the FGT. Just for info, we have also already set up
another site-to-site tunnel with a Cisco ASA on this FortiGate; it uses the
same interface on port 4 (vietnam). Its connection is OK.
edit "vpn_icc"
    set vdom "root"
    set type tunnel
    set snmp-inde...

Based on this debug log: the FortiGate IP is 119.252.165.09, and the
WatchGuard IP is 117.54.227.92. I think the FGT can't reach the WatchGuard
IP address, but it can ping the remote IP (117.54.227.92)
could not send IKE packet (ident_i1send):119.252.165.09 :500->117...