Pedro_Sentinela
Contributor

VPN Site-To-Site

My client has a site-to-site VPN, Check Point with Check Point. This permanent tunnel presents the following behavior:

 

TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 5:45:21 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 5:44:46 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 5:35:19 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 5:34:41 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 5:09:53 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 5:09:16 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:59:36 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:59:01 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:49:31 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:48:56 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:39:18 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:38:41 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:34:16 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:33:41 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:13:53 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:13:20 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:03:44 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:03:06 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 3:53:35 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 3:53:00 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 3:38:21 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 3:37:45 PM

This behavior extends over a period of 30 days, which is the maximum I can follow with the logs I have. Does anyone understand this as normal behavior or is it some sort of problem? My client doesn't have any problems stopping it from actually working. But at certain times of the day he faces a certain instability. Has anyone seen any similar behavior?

0 Kudos
3 Replies
G_W_Albrecht
Legend

Which CP version and Jumbo are running on both sides? What do the logs from the peer tell you?

CCSE CCTE SMB Specialist
0 Kudos
Pedro_Sentinela
Contributor

The message is this:

TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:59:36 PM

TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:59:01 PM

And these messages go on for all the days that I monitored (30 days) and they happen in that short amount of time. Within a few seconds the tunnel goes from down to up and down again.

I would like to understand if a permanent tunnel should have this type of behavior. Even with a certain oscillation in the VPN, the real scenario is not as pointed out in the logs.

0 Kudos
G_W_Albrecht
Legend

Customer has an SMB appliance running Embedded GAiA - for this kind of device, such an issue has been encountered before. I would suggest upgrading to fw1_vx_dep_R80_20_40_992002665 first: sk176145: R80.20.40 for Quantum Spark Appliances

The SKs are very old, sk107735: VPN Tunnel status changes to DOWN/UP randomly on 1100 gateway, sk100316: VPN Tunnel status is 'Down' in Locally Managed 600/1100 appliance's GUI even though the VP..., but you can have a look. This is not an expected behaviour, so you should contact TAC to get it resolved. Please check what exactly is monitored for the VPN status.

CCSE CCTE SMB Specialist
0 Kudos
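To put numbers on the pattern before comparing it with the peer's logs or handing it to TAC, the following added example (not from any poster in this thread and not Check Point code) parses TUNNEL STATUS CHANGE lines in the format quoted in the first post and measures how long the peer stayed UP and DOWN each time. It assumes all lines are from the same day; the function names and the thresholds in `is_flapping` are hypothetical.

```python
import re
from datetime import datetime

# Subset of the log lines quoted in the first post (newest first, as posted).
SAMPLE = """\
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:13:53 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:13:20 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 4:03:44 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 4:03:06 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 3:53:35 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 3:53:00 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to DOWN - Today, 3:38:21 PM
TUNNEL STATUS CHANGE: Peer gateway *** has changed status to UP - Today, 3:37:45 PM
"""

LINE_RE = re.compile(
    r"TUNNEL STATUS CHANGE: Peer gateway (?P<peer>\S+) has changed status to "
    r"(?P<state>UP|DOWN) - Today, (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)")

def parse_events(text):
    """Return (time, peer, state) tuples, oldest first; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            t = datetime.strptime(m["time"], "%I:%M:%S %p")  # same-day assumption
            events.append((t, m["peer"], m["state"]))
    return sorted(events, key=lambda e: e[0])

def durations(events):
    """Return (up_secs, down_secs): seconds each state was held before it changed."""
    prev, up_secs, down_secs = {}, [], []
    for t, peer, state in events:
        if peer in prev and prev[peer][1] == state:
            continue  # repeated report of the same state, keep the first timestamp
        if peer in prev:
            held = int((t - prev[peer][0]).total_seconds())
            (up_secs if prev[peer][1] == "UP" else down_secs).append(held)
        prev[peer] = (t, state)
    return up_secs, down_secs

def is_flapping(up_secs, short=120, min_count=3):
    """Heuristic with assumed thresholds: several UP periods shorter than `short` seconds."""
    return sum(1 for s in up_secs if s < short) >= min_count

if __name__ == "__main__":
    up, down = durations(parse_events(SAMPLE))
    print("UP seconds:", up, "DOWN seconds:", down, "flapping:", is_flapping(up))
```

Run over the full 30 days of log lines, the two duration lists show whether the UP periods are consistently short and whether the DOWN periods follow a regular interval, which is what to compare against the peer gateway's logs.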