FortiGate firewall and Aruze cloud tunnel interruption

Configuration scenarios ：

This article mainly explains FortiGate Firewall and Aruze Cloud building IPSECVPN after , How to deal with the problem of tunnel interruption .

Configuration steps ：

1. We are configuring firewalls and Aruze The cloud IPSECVPN After tunnel , Normal tunnel establishment , Data at both ends can also be accessed normally , At the same time, both ends are also provided with link-monitor monitor , But most of the time, the tunnel will be interrupted in oneortwo days , adopt Aruze You can see from the firewall log on the cloud “peer SA proposal not match local policy” Error of , Here's the picture ：

2. In this case, it is generally caused by inconsistent parameters in phase 2 .

Aruze On the cloud IPSECVPN Tunnel phase II generally does not DH Group selection , So in stage 2, I often choose None

Corresponding FortiGate The firewall needs to PFS Function off ：

After that, the tunnel will not be interrupted frequently because some parameters are inconsistent .