Hot!Problem (LOG) with Fortigate 200E

New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/02/12 01:52:40
  • Status: offline
2020/02/12 02:42:16 (permalink)

Problem (LOG) with Fortigate 200E

Hi guys,
i already had S2S ipsec to a company that it was working , now i deleted these ipsec because we don't want to work together but i have still this log. why ?    
02-10-2020    11:43:20    User.Error      date=2020-02-10 time=11:43:20 devname="Fortigate 200E" devid="FG200ETK189120" logid="01010324"
type="event" subtype="vpn" level="error" vd="root" eventtime=15813300 logdesc="IPsec phase 1 error" msg="IPsec phase 1 error" action="negotiate" remip=****** locip=****** remport=522 locport=522
outintf="wan1" cookies="c38065091/0000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A"
status="negotiate_error" reason="peer SA proposal not match local policy" peer_notif="NOT-APPLICABLE"
02-11-2020    09:16:18    User.Error    date=2020-02-11 time=09:16:17 devname="Fortigate 200E"
devid="FG200ET20" logid="010108"
 type="event" subtype="vpn" level="error" vd="root" eventtime=15814077 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=******* locip=****** remport=522 locport=522
outintf="wan1" cookies="018d8587b/0000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A"
 status="failure" init="remote" mode="main" dir="inbound" stage=1 role="responder" result="ERROR"
Best Regard

1 Reply Related Threads

    Expert Member
    • Total Posts : 6241
    • Scores: 522
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: Problem (LOG) with Fortigate 200E 2020/02/12 08:45:49 (permalink)
    5 (2)
    It basically says there is an IPsec VPN connection attempt but the policy is missing. Most probably the other side still has it's VPN configuration in place and tries to reconnect. You can verify this by looking at the remote IP.
    If it's not the other site, it's some rogue connection attempt. These are quite frequent and common nowadays. If it bothers you, you can write a local-in policy to block this host.


    " Kernel panic: Aiee, killing interrupt handler!"
    Jump to:
    © 2020 APG vNext Commercial Version 5.5