Azure VPN to Fortinet problems

Sergio 1 Reputation point
2021-01-14T12:34:14.187+00:00

I have problems with an Azure site-to-site VPN.

I'm trying to connect a virtual machine in Azure with my corporate Active Directory domain.

It works, but only for two minutes. Then the VPN tunnel doesn't have any traffic and it goes down.

But when I ping from my corporate network to the Azure machine, the VPN starts working well for two minutes, and afterwards the same problem happens again.

My local VPN client is a Fortinet.

Can you help me with this issue?


3 answers

  1. Andreas Baumgarten 111.1K Reputation points MVP
    2021-01-14T14:37:47.713+00:00

    The Azure VPN Site-To-Site Connection is "always on". There is no option for an idle-timeout of a VPN session.
    The "timeout/disconnect" config should be on the side of the "Fortigate".
    You should check on the Fortigate device for a timeout or idle-timeout setting of the VPN connection.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten


  2. SaiKishor-MSFT 17,236 Reputation points
    2021-01-14T19:12:01.66+00:00

    This is expected behavior for policy-based (also known as static routing) VPN gateways. When the traffic over the tunnel is idle for more than 5 minutes, the tunnel will be torn down. When traffic starts flowing in either direction, the tunnel will be reestablished immediately.

    Please refer to: https://learn.microsoft.com/en-gb/azure/vpn-gateway/vpn-gateway-vpn-faq

    To address this issue, you can set up an IP SLA or equivalent in Fortinet which can continuously send data through the VPN and will keep the VPN up all the time. Here is a document that talks about the same for Fortinet: https://mickx009.org/2020/03/07/fortigate-link-monitor-cisco-ip-sla-equivalent/

    Hope this helps.


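A FortiGate link monitor of the kind the second answer suggests, as an added example that is not part of the answers above and not taken from Fortinet or Microsoft documentation. It assumes an interface-mode tunnel named "azure-s2s" (hypothetical), a constructed Azure VM address 10.10.0.4 and a constructed on-premises source address 192.168.1.1; option names can differ between FortiOS versions, so check them against the CLI reference for the firmware in use.

```fortios
# Added example; every name and address below is a placeholder.
config system link-monitor
    edit "azure-keepalive"
        # Send the probes out of the IPsec tunnel interface.
        set srcintf "azure-s2s"
        # Probe a host inside the Azure virtual network.
        set server "10.10.0.4"
        set protocol ping
        # Source the probe from an address inside the local subnet that the
        # phase 2 selectors cover; otherwise the ping does not match the
        # tunnel and does not count as tunnel traffic.
        set source-ip 192.168.1.1
        # Keep the monitor as a traffic generator only: a missed probe must
        # not withdraw the static route to Azure or shut related interfaces.
        set update-static-route disable
        set update-cascade-interface disable
    next
end
```

The probe interval is left at its default here; what matters for the behaviour described in the second answer is that probes are sent more often than the idle period after which the Azure gateway tears the tunnel down. The target VM and any network security group in front of it must allow ICMP from the on-premises source address, or the monitor will report the link as down even though the probes still cross the tunnel.
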
  3. Sergio 1 Reputation point
    2021-01-15T11:50:37.06+00:00

    Hi again,

    I have configured the autokey keep alive, but it is still not working.
    I will try your solution with link monitor.

    If anyone else has tried this solution, please report back so we know if it really works.

    Thanks.

