Hey, all! I am running out of things to check and thought I would give this a try to see if anyone could think of some other things I could try to track down my issue.
Problem:
At random times, on random days, my ends users at HQ will loose connectivity to multiple resources in Azure. Some of the traffic is sent IPSEC to a Fortigate-VM in Azure, the rest is Bomgar (also in Azure) via https over internet. All other traffic on the network, including internet, appears to be unphased and with no packet loss. Failures last 10-45 minutes at a time. During this time, neither FG recognizes a tunnel failure. Users connected to Bomgar have their sessions terminated and are unable to re-connect until failure clears.
Users outside the HQ building can access the resources with no issue mostly ruling out the Azure side of things.
My Network:
On HQ Side-
Access Layer (Cisco) -> Core (Cisco) -> Fortigate 100D (FW 6.0.4) -> Internet
On Azure side -
Servers -> Fortigate-VM (FW 6.0.4) -> Internet
Completed Troubleshooting Steps:
- Confirmed IPSEC configurations match on both sides of tunnel
- Set traffic shapers on HQ side (I see dropped packets on the FG side now, however not on the policy for the Azure resources)
- Upgraded 100D to 6.0.4 (also had issue on older FW)
- Confirmed with service provider that I am not over utilizing circuit
- My help desk onsite runs pings to multiple endpoints to see what traffic is loosing packets and confirms there is only loss on traffic to anything living in Azure
- Called FG support but there isn't much they can do since we are unable to replicate the issue
Has anyone else experienced something similar?
No comments:
Post a Comment