Has anyone successfully been able to get Dead Peer Detection in any mode working on a centrally managed SMB gateway? We just installed FortiGates in our core to terminate the VPNs from our branch CheckPoints (1120s/1450s) and I noticed that no matter what settings I use in GUIDBEdit to turn Dead Peer Detection on with permanent tunnels, the 1450 still just constantly sends Tunnel_Test keepalives, which the FortiGate drops.
I have looked at sk131292 and opened a TAC case based on it, but the engineer either thought this couldn't be done or that it should be contained in newer hotfixes. I'm currently on the newest hotfix, R77.20.87.
I do see that it says it's a resolved issue in R77.20.70 as well https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
I just want to do whatever I can to get this tunnel stable. I've tried changing the FortiGate IKE parameters to subnet mode; tried changing the CheckPoint tunnel sharing to Per Gateway, Per Subnet, and Per Host; tried permanent tunnels off; tried DPD in every setting on the FortiGate side; and tried using GUIDBEdit to change the tunnel keepalive mechanism on the 1450 between tunnel_test, passive and DPD, but in any mode it just sends tunnel tests on port 18264.
I see the FortiGate keeps sending IPSEC-SA deletes constantly, and Dead Peer Detection is what I keep coming back to so that both sides agree on how to handle these.