Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes
This topic describes common problems and solutions to troubleshoot a branch office VPN (BOVPN). This information helps you troubleshoot problems with BOVPN configuration and authentication. For more information about known issues with BOVPNs, go to Technical Search.
Establishment and Negotiation Issues
BOVPN Tunnel Fails Because of IKE Version Mismatch
Phase 2 Proposal or PFS Mismatch in BOVPNs
BOVPN Phase 1 Negotiation Fails Due to Encryption or DH Group Mismatch
Pre‑Shared Key Mismatch Prevents BOVPN Tunnel Establishment
Incorrect BOVPN Remote Endpoint Type Selected
Incorrect Interface or IP Selected for Gateway Endpoint
BOVPN Enters Error State After Fireware Upgrade
BOVPN Virtual Interface Tunnel Does Not Establish Between Fireboxes
Incorrect Gateway Endpoint IP Addresses or Endpoint Order Causes Tunnel Failure
Traffic Flow, Routing, and Operational Issues
One‑Way Traffic across an Established BOVPN Tunnel
Traffic Does Not Pass through Tunnel Due to Missing or Incorrect BOVPN Routes
IP Spoofing Errors Triggered by BOVPN VIF Traffic
BOVPN Tunnel Switching Not Supported for Active/Active FireCluster
BOVPN Traffic Dropped as Unhandled with a VIF Alias
BOVPN Virtual Interface IP Address Mismatch or Overlap
BOVPN Virtual Interface Tunnel Does Not Establish with a Third‑Party Device
Manual Branch Office VPN Tunnels
About Firebox Logging and Notification (Locally-managed Fireboxes)
Monitor Traffic on Fireboxes and FireClusters (Cloud-managed Fireboxes)