Bug #16514
IPsec key lifetime in P2 is limited to the lowest configured in all P2 (closed)
Status: Not a Bug
Priority: Normal
Assignee: -
Category: IPsec
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.8.1
Affected Architecture: amd64
Description
Debugging an issue with duplicate SAs, we found that one had configured a key lifetime of 3600 while the other had configured 43200.
Despite that, both were setting their key lifetime to 3600, which resulted in a conflicting configuration with the remote device (FortiOS 7.4.9).
It is unclear as of now if it sets it to the lifetime of the newest P2 or the lower common value, as testing hypotheses in production was deemed unwise.