iizuca
New Contributor

FortiGate301e ignores DPD packets from Azure

We encountered an issue with a site-to-site VPN to Azure Virtual WAN using an FG301e.

The VPN can be established without any issue, but it is disconnected frequently.

In the Azure-side VPN log, the reason for the disconnection is DPD timeout.

I put an L2 switch between the FG301e and the ISP router and captured packets, and found that DPD packets arrived at the FG301e (at least at the L2 switch) but the FG301e did not respond to them. (The FG301e responds to DPD packets most of the time, but it suddenly stops responding for 10-30 secs and Azure detects a DPD timeout.)

In the FG301e IKE debug log, there were no logs of the DPD packets which must have arrived at it.

We replaced the UTP cable and the FG301e unit, but the situation did not change.

We have more than 20 FortiGate firewalls and the 301e is used only at this site. Other models (not 301e) are working with no issue.

Some of the VPN settings are as follows.

NAT-T: disabled

DPD: On-demand

Auto-nego: Enabled

Phase2 selector: 0.0.0.0/0 (for both local/remote)

Has anyone experienced a similar problem?

Any suggestions appreciated.

mgoswami
Staff

Hi,

Could you try enabling DPD always-on instead of on-demand? This will send DPD packets more frequently and may help detect and recover from connectivity issues more quickly.

Also, check the FortiGate's system logs to see if there are any errors or warnings related to the VPN connection or network connectivity.
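
The capture comparison described in the question (DPD requests reaching the FortiGate side with no reply going back) can be scripted. This is an added example, not part of the thread or of Fortinet's tooling; it assumes the tunnel uses IKEv2 on UDP 500 without NAT-T, where DPD is an INFORMATIONAL exchange, and every address, SPI and packet in it is constructed.

```python
import struct

IKE_HDR = struct.Struct("!8s8sBBBBII")  # RFC 7296 section 3.1 fixed header (28 bytes)
INFORMATIONAL = 37                      # exchange type used for liveness checks
FLAG_RESPONSE = 0x20                    # R bit: message is a response

def parse_ike_header(payload):
    """Return the IKEv2 header fields of a UDP/500 payload, or None."""
    if len(payload) < IKE_HDR.size:
        return None
    spi_i, spi_r, _next, version, exch, flags, msg_id, _length = IKE_HDR.unpack_from(payload)
    if version >> 4 != 2:  # major version lives in the high nibble
        return None
    return {"spi": (spi_i, spi_r), "exchange": exch,
            "response": bool(flags & FLAG_RESPONSE), "msg_id": msg_id}

def unanswered_liveness_checks(packets, peer_ip, timeout=5.0):
    """packets: (timestamp, src_ip, udp_payload) tuples in capture order.
    Returns (timestamp, msg_id) for each INFORMATIONAL request from peer_ip
    with no response carrying the same SPIs and message ID within timeout."""
    pending, answered = {}, set()
    for ts, src, payload in packets:
        hdr = parse_ike_header(payload)
        if hdr is None or hdr["exchange"] != INFORMATIONAL:
            continue
        key = (hdr["spi"], hdr["msg_id"])
        if src == peer_ip and not hdr["response"]:
            pending.setdefault(key, ts)  # retransmissions keep the first timestamp
        elif src != peer_ip and hdr["response"] and key in pending:
            if ts - pending[key] <= timeout:
                answered.add(key)
    return sorted((ts, key[1]) for key, ts in pending.items() if key not in answered)

def _pkt(msg_id, response):
    """Constructed header only: fixed SPIs, peer is the original initiator."""
    flags = FLAG_RESPONSE if response else 0x08
    return IKE_HDR.pack(b"\x11" * 8, b"\x22" * 8, 0, 0x20, INFORMATIONAL, flags, msg_id, 28)

# Constructed capture: 203.0.113.10 stands in for the Azure gateway,
# 198.51.100.5 for the FortiGate. Request 7 is retransmitted and never answered.
SAMPLE = [
    (0.0, "203.0.113.10", _pkt(6, False)), (0.1, "198.51.100.5", _pkt(6, True)),
    (10.0, "203.0.113.10", _pkt(7, False)), (12.0, "203.0.113.10", _pkt(7, False)),
    (30.0, "203.0.113.10", _pkt(8, False)), (30.2, "198.51.100.5", _pkt(8, True)),
]

if __name__ == "__main__":
    for ts, msg_id in unanswered_liveness_checks(SAMPLE, "203.0.113.10"):
        print(f"t={ts:.1f}s liveness request msg_id={msg_id} got no response")
```

Feeding it the UDP payloads exported from the switch capture gives the exact times of the unanswered requests, which can then be lined up against the FortiGate's IKE debug output and system logs.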
