Issue
A Mobile VPN with IKEv2 client profile for Mac devices might disconnect from a VPN tunnel after approximately 24 minutes.
Workaround/Solution
In some cases, you can enable Perfect Forward Secrecy (PFS) for Phase 2 negotiations as a workaround. When you enable PFS, you must select Diffie-Hellman Group 19.

To enable PFS, from Fireware Web UI:
1. Select VPN > Mobile VPN > Configure.
2. Select Security > Phase 2 Settings.
3. Select Enable Perfect Forward Secrecy to enable PFS.
4. From the adjacent drop-down list, select Diffie-Hellman Group 19.
5. Click Save.

To enable PFS, from Policy Manager:
1. Select VPN > Mobile VPN > IKEv2.
2. Select Security > Phase 2.
3. Select the Phase 2 Settings tab.
4. Select the PFS check box to enable PFS.
5. From the adjacent drop-down list, select Diffie-Hellman Group 19.
6. Click OK.
Download the new profile from the Firebox to your device.
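
To confirm that the newly downloaded profile carries the PFS setting before you install it, you can inspect it with a short script. This is an added example, not WatchGuard code. It assumes the profile is an unsigned Apple configuration profile (.mobileconfig plist) that uses Apple's standard IKEv2 payload keys; the function names and the sample profile are hypothetical.

```python
import plistlib

REQUIRED_DH_GROUP = 19  # the group this article says to select with PFS


def check_ikev2_pfs(profile_bytes):
    """Return [(payload name, [problems])] for each IKEv2 VPN payload.

    Assumes an unsigned plist; a signed (CMS-wrapped) profile makes
    plistlib.loads raise plistlib.InvalidFileException.
    """
    profile = plistlib.loads(profile_bytes)
    results = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.vpn.managed":
            continue
        if payload.get("VPNType") != "IKEv2":
            continue
        ikev2 = payload.get("IKEv2", {})
        child = ikev2.get("ChildSecurityAssociationParameters", {})
        problems = []
        # EnablePFS may be stored as a boolean or as the integer 1.
        if ikev2.get("EnablePFS") not in (True, 1):
            problems.append("EnablePFS is not set")
        group = child.get("DiffieHellmanGroup")
        if group != REQUIRED_DH_GROUP:
            problems.append(f"child SA DH group is {group!r}, expected 19")
        results.append((payload.get("PayloadDisplayName", "<unnamed>"), problems))
    return results


def sample_profile(enable_pfs, dh_group):
    """Constructed sample profile for the demo (not a real Firebox export)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadContent": [{
            "PayloadType": "com.apple.vpn.managed",
            "PayloadDisplayName": "Example IKEv2 VPN",
            "VPNType": "IKEv2",
            "IKEv2": {
                "RemoteAddress": "vpn.example.com",
                "EnablePFS": enable_pfs,
                "ChildSecurityAssociationParameters": {"DiffieHellmanGroup": dh_group},
            },
        }],
    })


if __name__ == "__main__":
    for label, data in (("old", sample_profile(False, 14)), ("new", sample_profile(True, 19))):
        for name, problems in check_ikev2_pfs(data):
            print(label, name, "OK" if not problems else "; ".join(problems))
```

To check a real file, pass its contents to the function, for example `check_ikev2_pfs(open(path, "rb").read())`.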