Meraki MX to Fortigate IPSEC

Conversationalist

We are in the process of testing the Meraki MX68 and Teleworker security appliances as SOHO endpoints, and we have noticed that IPSEC tunnels back to our Fortigate 200E running 6.04 are sporadic at best regardless of which Meraki MX we use. Has anyone been able to get a stable MX to Fortigate site-to-site VPN going that doesn't fall apart under load and start randomly dropping packets?

Head in the Cloud

Re: Meraki MX to Fortigate IPSEC

Yes, hundreds of MX65 using Dial-Up IPSec tunnels to a Fortigate 1100D, running very well.

 

Conversationalist

Re: Meraki MX to Fortigate IPSEC

You mentioned dial-up VPNs. We are using P2P IPSEC. We are getting the same behavior across carriers and Fortigate and Meraki models. We have an MX68 going to a Fortigate 60E and a FortiWiFi 60D. We also have a Teleworker Meraki doing the same. The Merakis have run the latest firmware, and just for testing we even updated to the beta; 15.12, I believe, is the current beta. All Fortigates are running 6.04 or 6.05. Does anyone else have success at these firmware levels running IPSEC? Under small loads the traffic drops.

 

Thanks!!!

Conversationalist

Re: Meraki MX to Fortigate IPSEC

Anybody out here doing a VPN to a Fortigate running some of the later firmware in the version 6.x range? We are seeing our unstable VPN on Fortigates running 6.x. Older firmware looks to be working normally. We think this might be an issue on the Meraki side.

 

Thanks for your help.

Building a reputation

Re: Meraki MX to Fortigate IPSEC

I don't have an L2L VPN between Fortigate and Meraki, but I do have a Fortigate for my edge firewall.

Could you share your debug on the VPN?

 

diagnose debug app ike 255
diagnose debug enable

https://cookbook.fortinet.com/ipsec-vpn-troubleshooting/

 

 

Conversationalist

Re: Meraki MX to Fortigate IPSEC

Can you try and update one of your Fortigates to 6.x and see if you can get a tunnel to stay up with sustained traffic? We have access to many Fortigates and we have replicated the issue on all units. Ours are mostly Fortigate 60D and 60E units. I am able to get a tunnel up on a very old Fortigate 110c to an MX68 running 4.x firmware on the Fortigate. I'm using the default setting in the Meraki for the VPN connections. 

 

MerakiDefault Site to Site.PNG

Building a reputation

Re: Meraki MX to Fortigate IPSEC

We will have to see your debug to identify which phase is breaking up.
