FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
Dialup IPSec sessions established with FortiClient may terminate after 1800 seconds.
Components
FortiGate v2.80
FortiClient
Steps or Commands
If a dialup IPSec tunnel has an underscore (_) in its Phase 2 name, existing sessions between a FortiClient user and a FortiGate unit may be terminated when the tunnel is rekeyed (re-negotiated). The default rekey timer for IPSec Phase 2 is 1800 seconds (30 minutes). You can configure this option on both the FortiGate unit and in the FortiClient software. This parameter is also known as the ‘keylife’ or the ‘lifetime’.
Workaround
Do not use the underscore character in IPSec Phase 2 names.
Solution
This issue was corrected in a post v2.80-MR11 release.
