Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
zero87line
New Contributor

Created on ‎04-02-2024 04:57 PM

[get vpn ipsec tunnel summary] tx error count

Hello
While checking the tunnel status, it was confirmed that the tx error value steadily increased.
I wonder why you get these symptoms.
And is there a separate command that can only clear the corresponding error value?

 

 

수정카운터 증가값 관련.png

Labels:
179
0 Kudos
1 REPLY 1
xshkurti
Staff
Staff

Created on ‎04-03-2024 12:14 AM

@zero87line 

Txe error count can be caused by the following reasons:

 

- Attempting to send traffic when no IPsec SA has not been negotiated.

- Attempting to send traffic when there is no route to the gateway IP.

- Attempting to send traffic on an IPsec SA that is dead/expired.

- No memory available to add the IPsec header onto the egress packet.

 

The txe error can also count up if there are phase 2 selectors, and then try to ping a destination not allowed by the selector.

The txe error count will then increment by one for every ping.

 

Else, drops could be due to large size packets.

 

For more info please check this link:

IPsec VPN tunnel errors due to traffic no... - Fortinet Community

146
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.