Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 5309 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible bug: Issue in site to site VPN ipsec changing WAN interface

eclipse79

Hello,

I have an issue with site to site vpn IPSec. I suppose it is a bug.

Scenario:

You have 1 WAN port (port 2)

You have some created site to site VPN IPSEC (initiate the connection type)

Follow these steps to reproduce the issue:

- Configure a new WAN interface (in my case port 10)

- Disable previous WAN port (port 2)

- Change the VPN settings (listening interface to port 10 and local id, with new ip address)

- Save

You will not able to start the connection, an error will appear: "The connection's local interface is turned off. You can't activate or establish this connection.". So, the firewall continues to use port 2 instead of port 10.

To fix the issue, I simply needed to recreate the VPN profiles using the same settings of non-working profiles. This issue happened for my 2 VPN. So,  you cannot change the wan port used, after the creation of VPN profile.

F.



This thread was automatically locked due to age.
Parents Reply Children
Unfiltered HTML