Philippe
New Contributor

INCOMING CONNECTION, VIP, IPSEC problem

We're having a problem with our incoming connections on the FortiGate. We have a couple of VIPs and IPsec tunnels. Suddenly, https/ssh/... traffic to a server with a VIP and port forwarding drops. Also, mgmt actions on the web GUI of the FortiGate using the IPsec tunnel suddenly don't work anymore. We opened a ticket 4 weeks ago with Fortinet. What we see is "no session match" in the debug flow. They think it's the NPU unit of the FortiGate with a bug. I downgraded in a couple of steps from 6.2.3 to 6.0.5 without success. So we think it's a wrong setting... can someone help us?
Dave_Hall
Honored Contributor

Sounds like the regular administration access ports may need to be changed if they conflict or interfere with any of the ports on your VIP/IPSec tunnels.

From the CLI, you can check/set the management port access as follows:

    config system global
        set admin-idle-timeout <integer>
        set port-http <integer>
        set port-https <integer>
        set port-ssh <integer>
        set port-telnet <integer>
    end

As for the interface admin access setting (mgmt as an example):

    config system interface
        edit "mgmt"
            set allowaccess ping https ssh http fgfm
        next
    end

And from the GUI:

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
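
A config-audit sketch for the suggestion in the reply above, added here as an example (not code from the thread or from Fortinet): it parses a FortiGate-style config backup and lists every port-forward VIP whose `extport` covers an admin port on an interface that has that service in `allowaccess`. Assumptions: `parse_config`, `find_overlaps` and the sample config are hypothetical names and constructed data; unset admin ports default to 80/443/22/23; the FortiOS `admin-port`/`admin-sport`/`admin-ssh-port`/`admin-telnet-port` key names are accepted alongside those in the reply; every VIP is treated as TCP.

```python
import re

# Ports used when "config system global" does not override them (assumed defaults).
ADMIN_PORTS = {"http": 80, "https": 443, "ssh": 22, "telnet": 23}
# Key names as written in the reply above, plus the FortiOS admin-* spellings.
PORT_KEYS = {"port-http": "http", "port-https": "https", "port-ssh": "ssh",
             "port-telnet": "telnet", "admin-port": "http", "admin-sport": "https",
             "admin-ssh-port": "ssh", "admin-telnet-port": "telnet"}

def parse_config(text):
    """Parse top-level config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    cfg, stack, entry = {}, [], ""
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
            entry = "" if len(stack) == 1 else entry  # nested blocks are skipped
        elif tok[0] == "end" and stack:
            stack.pop()
        elif len(stack) == 1 and tok[0] == "edit":
            entry = tok[1]
        elif len(stack) == 1 and tok[0] == "set":
            cfg.setdefault(stack[0], {}).setdefault(entry, {})[tok[1]] = tok[2:]
    return cfg

def find_overlaps(text):
    """Return (vip, interface, service, port) where a VIP extport covers an admin port."""
    cfg = parse_config(text)
    glob = cfg.get("system global", {}).get("", {})
    ports = {**ADMIN_PORTS,
             **{PORT_KEYS[k]: int(v[0]) for k, v in glob.items() if k in PORT_KEYS}}
    ifaces, hits = cfg.get("system interface", {}), []
    for vip, s in cfg.get("firewall vip", {}).items():
        if s.get("portforward") != ["enable"] or "extport" not in s:
            continue
        lo, _, hi = s["extport"][0].partition("-")  # "443" or "8000-9000"
        ext = s.get("extintf", ["any"])[0]
        for name in (ifaces if ext == "any" else [ext]):
            access = ifaces.get(name, {}).get("allowaccess", [])
            hits += [(vip, name, svc, p) for svc, p in ports.items()
                     if svc in access and int(lo) <= p <= int(hi or lo)]
    return hits

SAMPLE = "\n".join([  # constructed sample, not from the thread
    'config system global', 'set port-ssh 2222', 'end',
    'config system interface', 'edit "wan1"', 'set allowaccess ping https ssh', 'next', 'end',
    'config firewall vip', 'edit "web-srv"', 'set extintf "wan1"', 'set portforward enable',
    'set extport 443', 'next', 'edit "ssh-srv"', 'set extintf "wan1"',
    'set portforward enable', 'set extport 22', 'next', 'end'])
```

On the sample, `find_overlaps(SAMPLE)` reports only `web-srv`, because SSH administration was moved to 2222 and no longer overlaps the port-22 VIP.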
