We are in the process of testing the Meraki MX68 and Teleworker security appliances as SOHO endpoints and we have noticed that IPSEC tunnels back to our Fortigate 200E running 6.04 are speratic at at best regardless of which Meraki MX we use. Has anyone been able to get a stable MX to Fortigate site to site VPN going that doesn't fall apart under load and start randomly dropping packets?
You mentioned dial-up VPNs. We are using P2P IPSEC. We are getting the same behavior across carries and Fortigate and Meraki modles. We have an MX68 going to a Fortigate 60e and a fortiwifi 60D. We also have a Teleworker Meraki doing the same. The Maraki's have run the latest firmware and just for testing we even updated to the beta 15.12 I believe is the current Beta. All Fortigates are running 6.04 or 6.05.. Does anyone else have success at these firmware levels running IPSEC under small loads the traffic drops.
Anybody out here doing a VPN to a Fortigate running some of the latter firmware in the version 6.x range? We are seeing our unstable VPN on Fortigates running 6.x. Older firmware looks to be working normally. We think this might be an issue on the Meraki side.
Thanks for your help.
I don't have a L2L vpn between fortigate and meraki but I do have fortigate for my edge firewall.
could you share your debug on VPN?
diagnose debug app ike 255 diagnose debug enable
Can you try and update one of your Fortigates to 6.x and see if you can get a tunnel to stay up with sustained traffic? We have access to many Fortigates and we have replicated the issue on all units. Ours are mostly Fortigate 60D and 60E units. I am able to get a tunnel up on a very old Fortigate 110c to an MX68 running 4.x firmware on the Fortigate. I'm using the default setting in the Meraki for the VPN connections.