FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes why the IPsec tunnel between FortiGate and iOS/iPadOS devices is terminated when the iOS/iPadOS device screen is locked.
Scope
FortiOS, iOS, iPadOS.
Solution
It is expected behavior that the IPsec tunnel between FortiGate and iOS/iPadOS device (native iOS/iPadOS IPsec client) will be terminated shortly after the iOS device screen is locked. A few seconds after the iOS/iPadOS device screen is locked, the iOS/iPadOS device will send a request to FortiGate to terminate the IPsec tunnel:
diagnose debug application ike -1 diagnose debug enable
ike 0: recv IPsec SA delete, spi count 1 ike 0: deleting IPsec SA with SPI
MacOS devices will not terminate the tunnel after the screen is locked.
