Phase 2 issues - traffic stops but no errors logged in FortiGate firewall
First take a packet capture on the FortiGate (FGT) side with the built-in sniffer, filtered on the destination host and ICMP:

diagnose sniffer packet any 'host <DST IP> and icmp' 4 0 l

Verbosity 4 prints one line per packet with the interface name, so you can see the ping arrive on the LAN interface and (if it is being forwarded) leave on the tunnel interface. A count of 0 keeps capturing until you press Ctrl+C, and l stamps each line with absolute local time.
Then run the following debug flow trace to check whether the traffic is accepted by a policy and actually enters the tunnel:

diag debug reset
diag debug flow filter addr X.X.X.X     (replace with the destination IP)
diag debug flow filter proto 1
diag debug flow show iprope en
diag debug flow show func en
diag debug console time ena
diag debug ena
diag debug flow trace start 999

Send a few pings from the source host while the trace runs, then stop it with diag debug flow trace stop, diag debug disable and diag debug reset (diag debug flow filter clear removes the filter). In the output, look for the route lookup ("find a route ... via <tunnel name>"), the policy decision ("Allowed by Policy-N" or "Denied by forward policy check") and the IPsec step ("enter IPsec interface-<tunnel name>" followed by encapsulation, or a drop because no Phase 2 selector matched the packet). A packet that is allowed and routed to the tunnel but dropped at the IPsec step is the classic Phase 2 selector problem that produces no firewall log entry.
Packet capture syntax in detail:

diagnose sniffer packet <interface> '<filter>' <level> <count> <tsformat>

<interface>   'any' or a particular interface such as wan1, port1 or the IPsec tunnel interface name.
'<filter>'    tcpdump-style filter, e.g. 'host 8.8.8.8', 'port 80', 'host 8.8.8.8 or port 80', 'host 8.8.8.8 and port 80'.
<level>       verbosity: 1 prints packet headers only, 2 adds the IP payload, 3 adds the Ethernet frame; 4, 5 and 6 are the same as 1, 2 and 3 but also print the interface name. Use 4 to see which interface a packet enters and leaves on, and 6 if you want to convert the output to pcap.
<count>       number of packets to capture. 0 or no value means unlimited; stop with Ctrl+C.
<tsformat>    'a' for absolute UTC time, 'l' for absolute local time; otherwise timestamps are relative to the start of the sniff.
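With level 4 output, the quickest check is to count echo requests and replies per interface and direction: if requests enter on the LAN interface and leave on the tunnel interface but no replies come back, the FortiGate is forwarding and the fault is on the tunnel or the remote side. The script below is an added example, not part of the original page or of FortiOS. The capture text is constructed; its tcpdump-style line layout is an assumption about how your FortiOS version prints level-4 output, and the interface names port2 and vpn-hq and the addresses are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of level-4 sniffer output for "host 192.168.50.20 and icmp".
# Three echo requests arrive on port2 and leave on the (hypothetical) tunnel
# interface vpn-hq; no echo reply ever comes back.
SAMPLE_CAPTURE = """\
interfaces=[any]
filters=[host 192.168.50.20 and icmp]
1.102341 port2 in 10.10.10.5 -> 192.168.50.20: icmp: echo request
1.102380 vpn-hq out 10.10.10.5 -> 192.168.50.20: icmp: echo request
2.103001 port2 in 10.10.10.5 -> 192.168.50.20: icmp: echo request
2.103040 vpn-hq out 10.10.10.5 -> 192.168.50.20: icmp: echo request
3.104110 port2 in 10.10.10.5 -> 192.168.50.20: icmp: echo request
3.104150 vpn-hq out 10.10.10.5 -> 192.168.50.20: icmp: echo request
"""

# One packet per line: <timestamp> <interface> <in|out> <src> -> <dst>: icmp: echo <request|reply>
PKT_RE = re.compile(
    r'^(?P<ts>\d+\.\d+) (?P<intf>\S+) (?P<dir>in|out) '
    r'(?P<src>[\d.]+) -> (?P<dst>[\d.]+): icmp: echo (?P<kind>request|reply)$')


def count_icmp(text):
    """Count echo requests/replies per (interface, direction, kind)."""
    counts = Counter()
    for line in text.splitlines():
        m = PKT_RE.match(line.strip())
        if m:  # banner lines (interfaces=..., filters=...) do not match
            counts[(m['intf'], m['dir'], m['kind'])] += 1
    return counts


def diagnose(counts, lan_intf, tunnel_intf):
    """Say at which hop the ping was lost, given the LAN and tunnel interface names."""
    req_in = counts[(lan_intf, 'in', 'request')]
    req_out = counts[(tunnel_intf, 'out', 'request')]
    rep_in = counts[(tunnel_intf, 'in', 'reply')]
    rep_out = counts[(lan_intf, 'out', 'reply')]
    if req_in == 0:
        return 'no echo requests reached %s: the problem is before the FortiGate' % lan_intf
    if req_out == 0:
        return 'requests arrive on %s but never leave via %s: check route and policy with debug flow' % (lan_intf, tunnel_intf)
    if rep_in == 0:
        return 'requests leave via %s but no replies come back: fault is on the tunnel or the remote side' % tunnel_intf
    if rep_out < rep_in:
        return 'replies arrive on %s but are not forwarded to %s' % (tunnel_intf, lan_intf)
    return 'ping is forwarded both ways through %s' % tunnel_intf


if __name__ == '__main__':
    c = count_icmp(SAMPLE_CAPTURE)
    for key, n in sorted(c.items()):
        print(key, n)
    print(diagnose(c, 'port2', 'vpn-hq'))
```

Run the sniffer on 'any' rather than on a single interface so the same capture shows both the LAN side and the tunnel side; the counting only works when both interfaces are in the same output.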
For more details, visit https://techclick.in