FortiGate301e ignores DPD packets from Azure

Author
iizuca
2021/09/08 05:03:43

We encountered an issue with a site-to-site VPN to Azure Virtual WAN using an FG301e.
The VPN can be established without any issue, but it is disconnected frequently.
In the Azure-side VPN log, the reason for the disconnection is DPD timeout.
I put an L2 switch between the FG301e and the ISP router and captured packets, and found that DPD packets arrived at the FG301e (at least at the L2 switch) but the FG301e did not respond to them. (The FG301e responds to DPD packets most of the time, but it suddenly stops responding for 10-30 secs and Azure detects a DPD timeout.)
In the FG301e IKE debug log, there were no logs of the DPD packets which must have arrived at it.
 
We replaced the UTP cable and the FG301e unit, but the situation did not change.
We have more than 20 FortiGate firewalls and the 301e is used only at this site. Other models (not 301e) are working with no issue.
 
Some of the VPN settings are as follows.
NAT-T: disabled
DPD: On-demand
Auto-nego: Enabled
Phase2 selector: 0.0.0.0/0 (for both local/remote)
 
Has anyone experienced a similar problem?
Any suggestions appreciated.