We have about 20 sites connected via IPSEC. After upgrading the NGFW, we have an unstable IPSEC connection. Before that, IPSEC worked fine.
That means sometimes IPSEC works, sometimes it won't even work for a few days on some sites. It's completely random and hard to troubleshoot.
We have different Mikrotik hardware (RB2011UiAS-2HnD, hAP ac, hAP ac lite), different versions (6.49.2 and 6.49.7), different internet providers and types of connection (pppoe, static ip, dhcp client). The problem appears everywhere and we can't pinpoint the issue...
A temporary workaround we found is to disable the Peer in the IPsec menu and re-enable it. Sometimes you just have to disable and re-enable it once. Sometimes you have to repeat this process a few times. Sometimes this doesn't even work, and after a few hours it just works if you disable the peer again.
We have seen that if Mikrotik is the initiator, IPSEC is a lot more stable. But that is not always the case. IPSEC works too if Mikrotik is a responder.
Once IPSEC doesn't work, Mikrotik acts strange. You can see a lot of established responder peers under Active Peers. Example in a photo: https://imgur.com/a/g7NdNys and the log gets spammed with "failed to pre process ph2 packet".
Sometimes both SAs (from Mikrotik and NGFW) get wiped from Installed SAs. After you run the ping tool to the NGFW local network, they come back. Not sure if this is related or not.
NGFW support told us "Mikrotik does not have same selectors (local 0.0.0.0/0 remote 0.0.0.0/0) as NGFW. And that is why VPN does not come up when initiated by NGFW. As the NGFW RBVPN selectors are hardcoded, you need to change the selectors in Mikrotik." In our case, IPSEC didn't work if we set this in Policies.
No help so far from Forcepoint nor Mikrotik support, so we are asking you, the community, if you can help us solve this.
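As an added example (not from the original post, and not a fix for the root cause), here is a RouterOS scheduler script that automates the manual workaround described above: it watches the log for a burst of "failed to pre process ph2 packet" lines and bounces the peer when one appears. The peer name "ngfw", the threshold and the 5-minute interval are assumptions; adjust them to your setup.

```routeros
# Added example: IPsec peer watchdog for the workaround described in the post.
# Assumptions: the peer is named "ngfw" in /ip ipsec peer (RouterOS 6.45+
# peer names), and the stuck state shows up as a burst of
# "failed to pre process ph2 packet" lines in /log.
# Install (names are assumptions):
#   /system script add name=ipsec-watchdog source=[...this script...]
#   /system scheduler add name=ipsec-watchdog interval=5m on-event=ipsec-watchdog

:local peerName "ngfw"
# how many NEW ph2 pre-process errors per interval count as "tunnel is stuck"
:local errThreshold 20

# persist the last seen count across runs so only new errors trigger action
:global ipsecLastErr
:if ([:typeof $ipsecLastErr] = "nothing") do={ :set ipsecLastErr 0 }

# RouterOS keeps a bounded in-memory log; count the matching lines in it
:local errNow [:len [/log find where message~"failed to pre process ph2 packet"]]
:local newErrs ($errNow - $ipsecLastErr)
# the log buffer wraps, so a smaller count than last time means it rolled over
:if ($newErrs < 0) do={ :set newErrs $errNow }
:set ipsecLastErr $errNow

:if ($newErrs >= $errThreshold) do={
    :log warning ("ipsec-watchdog: " . $newErrs . " ph2 errors, bouncing peer " . $peerName)
    /ip ipsec peer disable [find name=$peerName]
    # give the remote side time to drop the stale IKE SA before re-enabling
    :delay 10s
    /ip ipsec peer enable [find name=$peerName]
} else={
    :log debug ("ipsec-watchdog: " . $newErrs . " new ph2 errors, no action")
}
```

Because the scheduler re-runs it, the script also covers the case where one disable/enable cycle is not enough and the bounce has to be repeated later; the "ipsec-watchdog" log lines give you a record of how often that happens per site.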