We have multiple S2S VPNs with many vendors but are facing an issue with Fortinet.
On our side we observe that the Phase 2 tunnel is up and packets are going out through the tunnel interface, but there is no reply. The other party says there is no issue on their end, but once we restart that Phase 2 proxy ID, it starts working.
Just to inform you, we have multiple proxy IDs. All the proxy ID tunnels come up at different times and face the issue at different times, so we need to restart only that proxy ID tunnel.
Kindly let me know how to troubleshoot whether the issue is at our end or their end.
Just make your Palo Alto the VPN responder so you can see more details in the GUI system logs:
Also, maybe the other firewall is using a policy-based VPN:
Are you checking the status of the IPSec tunnel from the GUI? The status of Phase 2 will stay UP (green in the GUI) as long as even one proxy ID is UP among all the proxy IDs in the Phase 2 tunnel.
Please check whether the status of the proxy ID is indeed UP. To check the status, run the below command from the CLI.
show vpn tunnel name <name-of-proxy-id>
You will get information like the local proxy ID, remote proxy ID, ports, etc. in the output.
The VPN logs generated as responder give more information, as suggested by
You can review the system logs and ikemgr logs during the issue time frame.
You can also refer to the below KBs:
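To turn the "packets go out, nothing comes back" symptom from the original post into a per-proxy-ID check, here is an added example (mine, not from this thread or from Palo Alto). It assumes you have captured the encap/decap packet counters of each proxy ID at two points in time into a simple text form; the sample snapshots and the `tunnel <name> encap <n> decap <n>` layout are constructed for the example and are not real PAN-OS output. The script compares the two snapshots and flags proxy IDs that sent traffic but received nothing, which are the ones the thread says come back only after that proxy ID is restarted.

```python
"""Flag one-way IPSec proxy IDs from two counter snapshots.

Added example, not from the forum thread or from Palo Alto. The input
layout is an assumption: one line per proxy ID, with its encap (sent)
and decap (received) packet counters. Collect it however suits you,
e.g. by parsing the firewall's own CLI output into this shape.
"""
import re
from dataclasses import dataclass

# Constructed sample snapshots (not real firewall output).
SNAPSHOT_T0 = """\
tunnel fortinet-dc:net-a encap 1200 decap 1180
tunnel fortinet-dc:net-b encap 800 decap 790
tunnel fortinet-dc:net-c encap 50 decap 0
"""
SNAPSHOT_T1 = """\
tunnel fortinet-dc:net-a encap 1300 decap 1275
tunnel fortinet-dc:net-b encap 800 decap 790
tunnel fortinet-dc:net-c encap 150 decap 0
"""

# Assumed line layout for the snapshots above.
LINE_RE = re.compile(r"^tunnel\s+(\S+)\s+encap\s+(\d+)\s+decap\s+(\d+)\s*$")


@dataclass(frozen=True)
class Counters:
    encap: int  # packets encrypted and sent into this proxy ID's SA
    decap: int  # packets received from the peer and decrypted


def parse_snapshot(text):
    """Parse one snapshot into {proxy_id_name: Counters}.

    Lines that do not match the assumed layout are ignored rather than
    raising, so stray CLI banner or prompt lines do not break the check.
    """
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            result[m.group(1)] = Counters(int(m.group(2)), int(m.group(3)))
    return result


def classify(t0, t1, min_encap_delta=10):
    """Label each proxy ID by comparing the two snapshots.

    'one-way'   : we sent traffic in the interval, received nothing back
    'ok'        : traffic flowed in both directions
    'idle'      : too little outbound traffic to judge
    'restarted' : a counter went backwards (SA cleared between snapshots)
    'new'       : proxy ID present only in the later snapshot
    """
    labels = {}
    for name, after in t1.items():
        before = t0.get(name)
        if before is None:
            labels[name] = "new"
            continue
        d_enc = after.encap - before.encap
        d_dec = after.decap - before.decap
        if d_enc < 0 or d_dec < 0:
            labels[name] = "restarted"
        elif d_enc < min_encap_delta:
            labels[name] = "idle"
        elif d_dec == 0:
            labels[name] = "one-way"
        else:
            labels[name] = "ok"
    return labels


def one_way_proxy_ids(t0_text, t1_text):
    """Names of proxy IDs showing the thread's symptom: packets leaving
    through the tunnel interface with no reply from the peer."""
    labels = classify(parse_snapshot(t0_text), parse_snapshot(t1_text))
    return sorted(name for name, label in labels.items() if label == "one-way")


if __name__ == "__main__":
    result = classify(parse_snapshot(SNAPSHOT_T0), parse_snapshot(SNAPSHOT_T1))
    for name, label in result.items():
        print(f"{name}: {label}")
    print("restart candidates:", one_way_proxy_ids(SNAPSHOT_T0, SNAPSHOT_T1))
```

Because the Phase 2 status in the GUI stays green while any single proxy ID is up, a per-proxy-ID comparison like this is what actually isolates the affected selector; a proxy ID labelled `one-way` on your side while the peer reports no problem is the case to take to the ikemgr and system logs for that time frame.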