The underlying issue is that the interface based VPN will drop sometimes – the Fortigate may not even report the drop.Applications normally resend this data, so there is no loss, but there might be a noticeable delay in response to the user. Step#4 Egress packet flow (Fortigate firewall packet flow) After stateful inspection and flow or proxy-based inspection the packet goes through the following steps before exiting.I can say: Yes, the VPN ipsec Tunnel is connecting, and in FTG log i can see packets are comming in, but without answer. You can also run packet capture on multiple tunnels at the same time. FortiGate will route the traffic based on the regular routing table.Crypto stats per component (ASIC/software) of the Fortigate: encryption algorithm, hashing The next time the host resends the 1476-byte packet, the GRE router will drop the packet, since it is larger than the current IPv4 MTU (1376) on the GRE tunnel interface.
#FORTINET VPN CONFIGURATION PASSWORD#
Quick Tip: Once you configure VPN in the Forticlient, you can check the Save Password checkbox. Fortigate vpn tunnel dropping packets I moved from AES128 encryption to 3DES and that seems to make it more stable but I still lose packets.