Troubleshoot Branch Office VPN Tunnels

Branch office VPN tunnels require a reliable connection and matching VPN configuration settings on both VPN endpoints. A configuration error or network connectivity issue can cause problems for branch office VPN tunnels.

Monitor VPN Tunnel Status

To monitor the current status of branch office VPN tunnels, in Fireware XTM Web UI, select System Status > VPN Statistics. From this page you can also force a re-key of a VPN tunnel. For more information, see VPN Statistics.

Use Reports and Log Messages to Troubleshoot a BOVPN

To troubleshoot the cause of a branch office VPN tunnel problem, we recommend that you start here:

If you have confirmed that your branch office VPN endpoints are enabled and have matching VPN settings, but your VPN does not operate correctly, consider other conditions that can cause problems with a branch office VPN, and actions you can take that could improve the availability of the VPN.

For more information, see Improve Branch Office VPN Tunnel Availability.

About Tunnel Route Limits

It is possible to configure more branch office VPN tunnel routes than the number of active tunnel routes the device can support. The Firebox or XTM device cannot establish branch office VPN tunnel routes that exceed the maximum number set in the feature key. If the device attempts to establish a BOVPN tunnel that would exceed the limit, this message appears in the log file: License Feature(BOVPN_TUNNEL) enforcement: Reached maximum number of tunnels. A warning also appears in the VPN Statistics System Status page.

For more information about tunnel license limits and warnings, see VPN Tunnel Capacity and Licensing.
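To find which devices have reached the tunnel route limit, you can search exported log messages for the message text quoted above. The script below is an added example, not part of the original documentation or any WatchGuard tool: the line layout (timestamp, host, message), the host names and the sample lines are assumptions constructed for illustration, and only the limit message text comes from this page.

```python
import re

# Exact message text quoted in the documentation above.
LIMIT_MSG = "License Feature(BOVPN_TUNNEL) enforcement: Reached maximum number of tunnels"

# Assumed export layout (not from the documentation): "<date> <time> <host> <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<body>.*)$"
)

# Constructed sample lines: hosts, timestamps and the unrelated message are made up.
SAMPLE_LOG = """\
2024-03-01 09:14:02 fw-branch-a License Feature(BOVPN_TUNNEL) enforcement: Reached maximum number of tunnels
2024-03-01 09:14:05 fw-branch-b example unrelated message
2024-03-01 09:20:41 fw-branch-a License Feature(BOVPN_TUNNEL) enforcement: Reached maximum number of tunnels
this line does not match the assumed layout
2024-03-01 10:02:17 fw-hq License Feature(BOVPN_TUNNEL) enforcement: Reached maximum number of tunnels
"""

def summarize_limit_hits(lines):
    """Return ({host: {count, first, last}}, skipped) for lines carrying LIMIT_MSG."""
    hits = {}
    skipped = 0  # lines that do not fit the assumed layout, reported so they are not lost
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
            continue
        if LIMIT_MSG not in m.group("body"):
            continue
        ts = m.group("ts")
        entry = hits.setdefault(m.group("host"), {"count": 0, "first": ts, "last": ts})
        entry["count"] += 1
        # ISO-style timestamps sort correctly as plain strings.
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return hits, skipped

if __name__ == "__main__":
    hits, skipped = summarize_limit_hits(SAMPLE_LOG.splitlines())
    for host, e in sorted(hits.items()):
        print(f"{host}: {e['count']} hit(s), first {e['first']}, last {e['last']}")
    print(f"{skipped} line(s) did not match the assumed layout")
```

A device that appears repeatedly in the summary has more tunnel routes configured than its feature key allows, so compare its configured routes against the licensed maximum.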
