Sometimes there are issues with IPsec VPN tunnels on a FortiGate. Here are some commands to clear the SA sessions.
List the VPN tunnels:
diagnose vpn tunnel list | grep name
Choose the name of the tunnel that you want to reset:
diag vpn tunnel flush *Tunnel_NAME*
diag vpn tunnel reset *Tunnel_NAME*
If this does not work, clear the sessions on the firewall:
Create a filter with the IP that you want to clear.
diagnose sys session filter dst *IP_THAT_IS_STUCK*
Check that the filter shows the correct lines:
diagnose sys session filter
If everything is OK, clear the sessions that match the filter (with no filter set, this command clears every session on the firewall):
diagnose sys session clear
Then flush and reset the VPN again (on both sides).
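The procedure above as a small runbook generator, added here as an example and not part of the original post. It refuses to emit `diagnose sys session clear` unless a valid destination IP is given. Assumptions: the `name=<tunnel> ...` output layout, the constructed sample data, the hypothetical function names, and the extra `diagnose sys session filter clear` step that drops any stale filter first.

```python
import ipaddress
import re

# Constructed sample of `diagnose vpn tunnel list | grep name` output.
# The "name=<tunnel> ver=..." layout is an assumption about the output format.
SAMPLE_OUTPUT = """\
name=to-branch-01 ver=2 serial=1 198.51.100.10:0->203.0.113.20:0
name=to-dc-east ver=1 serial=2 198.51.100.10:0->192.0.2.44:0
"""

def tunnel_names(output):
    """Return the tunnel names found in the grep'd tunnel list."""
    return re.findall(r"^name=(\S+)", output, flags=re.MULTILINE)

def build_runbook(output, tunnel, stuck_ip=None):
    """Return the ordered CLI commands for one tunnel.

    Raises ValueError for an unknown tunnel or an invalid IP, so that
    `diagnose sys session clear` is never emitted without a filter.
    """
    if tunnel not in tunnel_names(output):
        raise ValueError(f"unknown tunnel: {tunnel!r}")
    flush_reset = [
        f"diagnose vpn tunnel flush {tunnel}",
        f"diagnose vpn tunnel reset {tunnel}",
    ]
    if stuck_ip is None:
        return flush_reset  # first attempt: flush and reset only
    ip = ipaddress.IPv4Address(stuck_ip)  # raises ValueError on bad input
    return flush_reset + [
        "diagnose sys session filter clear",      # drop any stale filter first
        f"diagnose sys session filter dst {ip}",  # match only the stuck peer
        "diagnose sys session filter",            # review before clearing
        "diagnose sys session clear",             # clears filtered sessions
    ] + flush_reset                               # then flush and reset again

if __name__ == "__main__":
    for cmd in build_runbook(SAMPLE_OUTPUT, "to-dc-east", "192.0.2.44"):
        print(cmd)
```

Review the printed commands before pasting them into the FortiGate CLI, and run the flush and reset on the remote peer as well.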