Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JP57
New Contributor II

Created on ‎09-26-2023 08:56 AM

FG to Sierra Wireless XR80 IPSec VPN

Has anyone successfully created an IPSec VPN tunnel between a FG on a Sierra Wireless XR80/90?

 

I've created a tunnel, routes, and policies successfully, but can't get communication across the tunnel.

Tried Sierra Wireless's documentation too, with no success.

https://source.sierrawireless.com/airlinkos/XR80-4.1/reference/networking/howto/vpn/

Like I said, the tunnel is up, but can NOT get traffic to flow across.

Labels:
1676
0 Kudos
1 Solution
JP57
New Contributor II

Created on ‎09-27-2023 06:10 AM

Might have been related to the cellular service plan we had the XR80 on.  Switched it over to their Fixed Wireless plan and then it worked.  Made no other changes to the FG.

View solution in original post

1641
0 Kudos
4 REPLIES 4
TuncayBAS
Contributor II

Created on ‎09-27-2023 12:51 AM

Can you initiate a ping from a PC behind Fortigate to a PC behind Sierra and get a debug?

You must make sure that the packet enters the VPN.

 

for example:


Let the PC behind FGT be: 192.168.1.100
PC running Sierra: Let it be 192.168.3.200

 

dia debug flow filter addr 192.168.3.200
dia debug flow trace start 100
dia debug en

 

When you start a ping to 192.168.3.200, the debug logs that appear on the screen may contain messages that will help you understand the problem.

 

Tuncay BAS
RZK Muhendislik Turkey
FCA,FCP,FCF,FCSS
Tuncay BASRZK Muhendislik TurkeyFCA,FCP,FCF,FCSS
1653
0 Kudos
JP57
New Contributor II

Created on ‎09-27-2023 06:10 AM

Might have been related to the cellular service plan we had the XR80 on.  Switched it over to their Fixed Wireless plan and then it worked.  Made no other changes to the FG.

1642
0 Kudos
mle2802
Staff
Staff

Created on ‎09-27-2023 07:34 AM

Hi @JP57,

Is the tunnel up when using cellular service? You can try to switch back and run debug flow commands on FortiGate to see if traffic flowing through the tunnel:

diag debug reset
diag debug flow filter addr X.X.X.X (source IP)
diag debug flow filter proto 1
diag debug flow show ip en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999

Regards,
Minh

1637
0 Kudos
parteeksharma
Staff
Staff

Created on ‎09-27-2023 10:09 AM

Dear JP57,
Please check if the traffic is hitting to the correct policy and route is present on firewall to point the interesting traffic to flow across correct IPsec tunnel.

Regards,
Parteek

1630
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.