I’ve configured our HQ Fortigate 600C v5.2.2 to do IPSEC tunneling with a PEPWAVE MAX BR1 located in one of our office branches.
My goal is to have IPSEC redundancy over 3G when the DSL is out.
When the 3G is connected, the IPSEC status on both ends indicates ESTABLISHED but no packets are passing (none showing in the Fortigate logs).
I was sure I was having configuration issues with the Fortigate until I connected an Ethernet cable to the WAN port of the BR1; suddenly all is well, and packets are passing between the two networks.
I unplugged the Ethernet; IPSEC status remains ESTABLISHED but no packets are traveling over the tunnel anymore. Connecting the Ethernet, traffic resumes.
There is internet connectivity both when the 3G is connected and when the Ethernet is connected. Both are working fine; only the IPSEC is giving me problems.
When the route 1st priority is set to WAN, the tunnel is up and connected, working well.
When I set the 3G to be 1st priority, the tunnel is up but packets do not flow.
Regarding the Fortigate IPSEC profiles, I don't understand the question.
Based on the explanation, you are currently integrating the advanced IPSEC VPN settings (failover/redundancy) between MAX BR1 & FortiGate.
There are 2 issues that need to be considered here:
The reported issue may be related to an integration issue whereby the fail-over features of the MAX BR1 may not be able to be supported by FortiGate. I have searched around to verify what settings are required by the FortiGate in order to achieve the fail-over, but none of the VPN redundancy methods for FortiGate really discuss this.