IKEv2 with Mac OS 10.15 Catalina

Cutting to the chase, here is the...

Problem: When connected to Firebox via IKEv2, device with OS 10.15 Catalina fails to rekey the connection and disconnects the employee at precisely 8 minutes (480 seconds).

Need: instructions on setting(s) to change on the Mac OS device or the Firebox to get it past the 8 minute mark.

Related important information:
1. Other Macs with older OS (10.12 Sierra) DON'T experience this problem
2. PCs don't experience this problem
3. This seems to be specific to a change that Apple made in their certificate acceptance on newer OS, and is a heavily documented problem on the internet.
4. Appliance: T50, version 12.5.3 (Build 616762)
5. The solution needs to be relatively simple in that the connecting computer is an employee-owned device that I don't want to mess with at 'its core'. Changing a few settings here and there is OK, but nothing too substantial, that I couldn't reproduce on a regular basis either.

Any help would be greatly appreciated.


  • james.carson (Moderator, WatchGuard Representative)

    Hi @Alan_S
    I'd suggest opening a case with support on this one so that they can raise your logging level and see what's failing on the rekey. Without logging I can't really advise what you might need to change.

    -James Carson
    WatchGuard Customer Support

  •

    Hi James and Alan (@Alan_S)
    Did you manage to get this resolved?

    I'm having the same issue with one of my users. The Mac was on Catalina and I have rebuilt it using Mojave. He has the same 8 minute timeout issue. No other Mac users in the company are experiencing this.
    Is there a setting that needs to be amended on the Mac side to change from 480 seconds to e.g. 8 hours, which is 28800 seconds?

  • james.carson (Moderator, WatchGuard Representative)

    Hi @dykaens
    I don't have any insight into cases unless someone mentions a case number. If you're running into this type of issue, the best I can do right now is suggest you open a support case.

    -James Carson
    WatchGuard Customer Support
