Technical Tip: Intermittent reboot when FortiGate handles IPv6 traffic with IPS profile
| Description | This article describes an under-investigation issue that may cause a FortiGate handling IPv6 traffic to reboot unexpectedly under specific traffic conditions. |
| Scope | All platforms, all firmware versions before FortiOS v7.4.12 and v7.6.7. FortiGate is handling IPv6 traffic, IPS profile is configured on the firewall policy. |
| Solution | Note: The issue requires specific configuration and traffic conditions to reproduce, and there are several other possible causes for a firewall reboot. If unexpected reboots have not occurred before, it is likely another issue.
Diagnosis: A console log taken at the time of the crash, or comlog if available, may show the following output if encountering this issue:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 Call Trace:
See the following articles for information on collecting a console or comlog:
If an unexpected reboot occurs on FortiGate 70G/71G, refer to the article Technical Tip: FortiGate-70G/71G experiencing unexpected reboots after upgrading to FortiOS v7.6.5 or later (known issue).
Workaround: Remove the IPS profile from firewall policies handling IPv6 traffic.
config firewall policy edit <index> unset ips-sensor next end
Resolution: The issue is tracked internally by ID 1214384. A fix for this issue is scheduled for inclusion in FortiOS v7.4.12 and v7.6.7. |