Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 39 subscribers
  • Views 1768 views
  • Users 0 members are here
Options
Suggested

Possible bug: Issue in site to site VPN ipsec changing WAN interface

eclipse79

Hello,

I have an issue with site to site vpn IPSec. I suppose it is a bug.

Scenario:

You have 1 WAN port (port 2)

You have some created site to site VPN IPSEC (initiate the connection type)

Follow these steps to reproduce the issue:

- Configure a new WAN interface (in my case port 10)

- Disable previous WAN port (port 2)

- Change the VPN settings (listening interface to port 10 and local id, with new ip address)

- Save

You will not able to start the connection, an error will appear: "The connection's local interface is turned off. You can't activate or establish this connection.". So, the firewall continues to use port 2 instead of port 10.

To fix the issue, I simply needed to recreate the VPN profiles using the same settings of non-working profiles. This issue happened for my 2 VPN. So,  you cannot change the wan port used, after the creation of VPN profile.

F.



Added V20 TAG
[edited by: Erick Jan at 2:15 AM (GMT -7) on 6 May 2024]
Parents Reply Children
Unfiltered HTML