IPSEC tunnel flaps every 2 - 3 minutes

Author
atsak
2018/01/09 17:27:37

Deploying my 6th Fortinet 60E - going not bad. The tunnel on this one flaps every 2 minutes or so. It's a route based VPN with a tunnel interface.
 
Link monitor: Interface TUNNEL1 was turned down
then a second or so later
Link monitor:  Interface TUNNEL1 was turned up
 
Tunnel is between the 60E and a Juniper SSG550M. All the other Fortinets are fine so far.
 
Dead Peer Detection is turned off
 
How do I figure out WHY the firewall is turning the VPN tunnel down? I'm at a loss why the other 5 work absolutely fine and this one doesn't. The firmware versions are the same and I use the same configuration file for each one of them.
#1


    atsak
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/01/09 20:04:55
    Is it possible this unit is defective?  It has the latest firmware.
     
    The issue occurs on either the WWAN port or the WAN1 port . . .
     
    I have been testing also connecting to the firewall from the external IP - I seem to lose connection that way too, not over VPN, just for a second or two every couple minutes.
     
    #2
    neonbit
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/01/09 21:05:18
    You can do a hardware test to confirm if the device is defective by running the following command via the CLI:
     
    diagnose hardware test suite all
     
    Have you checked to make sure the network/wan link the 60E is using is not the problem?
    #3
    atsak
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/01/09 21:09:57
    Yes, I've tried two different links (one cable, one LTE modem); both have the exact same issue, but only with this particular device.
    #4
    Eyals
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/07/12 00:37:05
    Hi,
    Were you able to resolve this?
    I am having the exact same issue with FortiGate on AWS and Juniper SSG550.
    #5
    sw2090
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/07/19 00:36:52
    I had something like that too:
     
    Tunnels did not respond but on FGT were not shown as down.
    It turned out they were not down but the FGT does somewhat suspend the tunnel when there is no traffic on it by default.
    Turning on some keep alive feature (I'd have to look it up again if you need it) stopped this.
    #6
    Eyals
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/07/19 00:41:18
    In my case, the tunnel is seen as down in the VPN monitor, and in the VPN events log you can see messages every couple of minutes that the interface is down/up.
    If you can find what solved it for you, it could be helpful, thanks.
    #7
    trchia
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/09/21 10:31:54
    #8
    trchia
    Re: IPSEC tunnel flaps every 2 - 3 minutes 2018/09/21 11:58:09
    ....also make sure that the key lifetime is not too long.
    #9