Fortigate to Azure - working VPN suddenly stops working
I have a FortiGate 60E that I successfully used to create a VPN to an Azure virtual network (see here). It had the 6.0.4 firmware.
Recently, I updated the Fortigate firmware to 6.2.0 and the VPN came up correctly, but after a few days, it started to not route anything. The VPN was still up on both sides, but I couldn't see anything. Rebooting the Fortigate had no effect.
So I deleted all the VPN objects on Azure and recreated everything from scratch. It worked again... for a while.
So I decided to downgrade the Fortigate to 6.0.5 (released a few days ago), without changing anything in Azure. It worked again... for around 15 hours. And now it's down.
I will try downgrading again to 6.0.4, but I am starting to think that may not be it. When I redid everything in Azure, it came back up. The second time I did nothing in Azure, and it came back up. So I am starting to think that it's something on the Fortigate side that brings up the VPN but then messes up.
On another, older Fortigate I have the exact same setup (but firmware 5.6.8), and it has been working flawlessly for weeks.
-- EDIT --
On further inspection, I looked at the logs and found a Dead Peer Detection error:
The tunnel_stats events before that show sent and received bytes (bidirectional), but all tunnel_stats events after the dpd_failure only show sent bytes, but received bytes are always zero.
-- END EDIT --
-- EDIT 2 --
Last night I downgraded to 6.0.4 and the VPN did not come back up.
I had a deeper look at the logs and found that same DPD error every day at exactly the same time, just after 11 am. It just happened that yesterday's DPD error closed the tunnel for good.
-- END EDIT 2 --
Any ideas are welcome!
azure site-to-site-vpn fortigate
Forget about this question. This Fortigate was set in a test environment below another router. Resetting that router brought the VPN back up. I even upgraded to 6.2 again. The VPN kept going down at 11 am, but resetting the router would bring it back up. Now I installed the router in the production environment and everything is going well so far. I will keep you posted.
– Luis Alonso Ramos
May 26 at 20:02
asked May 19 at 0:55, edited May 19 at 17:56
Luis Alonso Ramos
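The log pattern described in the question's edits (a DPD failure at about the same time each day, followed by tunnel_stats events with zero received bytes) can be checked mechanically. This is an added example, not part of the original post; the key=value layout, the field names and the sample lines are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample; key=value layout and the field names date, time, action,
# sentbyte, rcvdbyte are assumptions. Adjust them to your own log export.
SAMPLE_LOG = """\
date=2019-05-16 time=10:58:01 action="tunnel_stats" sentbyte=48211 rcvdbyte=39120
date=2019-05-16 time=11:03:12 action="dpd_failure"
date=2019-05-16 time=11:08:01 action="tunnel_stats" sentbyte=1200 rcvdbyte=0
date=2019-05-16 time=11:18:01 action="tunnel_stats" sentbyte=5210 rcvdbyte=4480
date=2019-05-17 time=11:02:47 action="dpd_failure"
date=2019-05-17 time=11:07:47 action="tunnel_stats" sentbyte=900 rcvdbyte=0
date=2019-05-18 time=11:04:05 action="dpd_failure"
date=2019-05-18 time=11:09:05 action="tunnel_stats" sentbyte=760 rcvdbyte=0
"""

PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    rec = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    return rec

def slot_of_day(ts, width):
    return (ts.hour * 60 + ts.minute) // width

def analyse(text, width=15):
    events = sorted((parse(l) for l in text.splitlines() if l.strip()),
                    key=lambda r: r["ts"])
    fails = [e for e in events if e.get("action") == "dpd_failure"]
    stats = [e for e in events if e.get("action") == "tunnel_stats"]
    # Distinct days on which a failure fell in each time-of-day slot; a slot hit
    # on two or more days suggests a scheduled cause rather than random loss.
    seen = {(slot_of_day(f["ts"], width), f["ts"].date()) for f in fails}
    slots = Counter(slot for slot, _ in seen)
    recurring = {"%02d:%02d" % divmod(slot * width, 60): days
                 for slot, days in slots.items() if days >= 2}
    # Classify each failure by the stats seen before the next failure.
    outcome = {}
    for i, f in enumerate(fails):
        end = fails[i + 1]["ts"] if i + 1 < len(fails) else datetime.max
        after = [s for s in stats if f["ts"] < s["ts"] < end]
        if not after:
            state = "no data"
        elif any(int(s.get("rcvdbyte", 0)) > 0 for s in after):
            state = "recovered"
        else:
            state = "one-way"  # still sending, nothing received
        outcome[f["ts"].isoformat(sep=" ")] = state
    return recurring, outcome

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```
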
1 Answer
On the Azure end, did you deploy a policy-based gateway or a route-based gateway?
Here is the list of parameters that the Azure VPN gateway is configured with: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec
Please check that out and try matching them with the on-premises device.
Regards,
Msrini
answered May 21 at 5:59
msrini-MSIT