| Solution | See the article Technical Guide: How to perform an RMA replacement of a FortiGate for a start-to-finish guide of the RMA process. For common hardware issues, FortiGate TAC follows a standardized process for RMA verification. If a hardware issue is suspected, follow the steps below, including any additional steps indicated for the symptoms observed, and record the result of each step. Once complete, open a ticket with the device serial number and provide the recorded results and history of the issue. If assistance is required to collect the required information, connect to the FortiGate console port with a known good serial cable and call Fortinet Support for live help under an existing support contract. Console access: Attempting local access to the device using the serial console port is required for RMA verification. This applies even if the device is in a remote location and difficult to access. Console logs taken during boot or HQIP test allow TAC to screen for multiple known issues, and depending on the result, can allow quick recovery of a device without the need for RMA. Connect to the FortiGate CONSOLE port (not any other port, such as MGMT or internal LAN port) locally with a serial console cable, see Technical Tip: How to connect to the FortiGate and FortiAP console port. If there is a boot issue, power cycle the device to check for output. If there is no boot issue, the console is used to collect HQIP hardware diagnostic test results.
Required:
- Known good console cable.
- Known good Ethernet cable.
- Laptop compatible with the console and Ethernet cables.
- FortiGate serial baud rate (default 9600 baud).
Strongly recommended and often required: Note: If the unit cannot be shipped to a location allowing local access, a troubleshooting contact will have to travel to the unit with the necessary troubleshooting tools and call Fortinet Support for live assistance under an existing support ticket. Diagnostics are always required: - Description of the issue.
- Does the device boot up, and is a login screen presented.
- When the device was last in known good condition.
- What happened leading up to the issue (provide all that apply):
- Power Events.
- Water Damage.
- Firmware Upgrade (initial and target firmware version and how the upgrade was applied).
- Firmware Downgrade (initial and target firmware version and how the downgrade was applied).
- Device Relocation.
- Configuration Change (specify).
- External Devices attached (specify).
- New Feature Enabled (describe).
- HA Events.
- High CPU.
- High Memory.
- Other (describe).
- Describe the sequence of events leading up to the issue, being as descriptive as possible.
- If a Power Event occurred, provide the following:
- Power event type: Abrupt power loss or Graceful Shutdown/Reboot.
- If an abrupt power loss occurs, the reason for the loss is: an electrical storm, a power outage, a power surge, or unknown.
- If the device was plugged into a surge protector or a UPS.
- Verify if the earthing terminal provided on the back of the FortiGate is connected to a proper earth ground. The earthing terminal is behind a screw and labelled with the '⏚' symbol.
- Verify whether other devices in the same rack or location were also affected by the power issue.
- Confirm the serial number of the device having an issue and state the serial number explicitly.
- Whether this device will be a member of an HA cluster, and if so, the serial number of the other HA cluster member.
- Additional diagnostics, depending on the symptom, are indicated below.
Additional diagnostics required (device has no power):
- If there is any console output at any point during troubleshooting, the device has power: open a ticket with all output and responses collected so far. If local access is only available for a short time or a live session with Fortinet support is needed for another reason, call Fortinet Support under the device's support contract.
- Verify if the FortiGate has hot swappable PSUs. Hot swappable PSUs are a feature of some high-end firewalls, such as FortiGate 6000F, see Hot swapping an AC PSU. If the firewall has this feature, open a ticket for RMA investigation and provide a contact method and availability for live troubleshooting with FortiGate Support.
- Verify if there is any fan noise, or any of the LEDs on the FortiGate turn on (specify).
- If no fan noise or other LEDs, take pictures showing the FortiGate exterior, including ports, power supply, and LEDs.
- Connect to the FortiGate console port as described in the 'Console Access' section above.
- Power cycle the device while connected and verify if there is any output showing in the terminal application.
- Verify the serial console cable works with other devices.
- Ensure the console cable is connected correctly and the correct COM port and baud rate (default 9600) are selected on the computer.
- Take a video or picture showing the power cable connected to FortiGate and the console cable connected from the computer.
- Connect the power adapter to a different power outlet and check if there is any output on the console.
- If another power adapter and cable is available, test connecting the other power adapter to the FortiGate and a known good power outlet. Check if there is any output on the console.
- Open a ticket with console output (including no output) and responses collected so far. Provide troubleshooting contact details and availability in case live troubleshooting is needed.
Additional diagnostics required (device has power but does not boot): - Connect to the FortiGate Console port as described in the 'Console Access' section above.
- Power cycle the device while connected to the console and verify if there is any output showing in the terminal application.
- If there is console output, open a ticket with all output and responses collected so far. If local access is only available for a short time or a live session with Fortinet support is needed for another reason, call Fortinet Support under the device's existing support contract.
- Verify the serial console cable works with other devices.
- Ensure the console cable is connected correctly and the correct COM port and baud rate (default 9600) are selected on the computer.
- Take a video or picture showing the power cable connected to FortiGate and the console cable connected from the computer.
- Open a ticket with console output (including no output) and responses collected so far. Provide troubleshooting contact details and availability in case live troubleshooting is needed.
Additional diagnostics required (device boots and can reach the login page, but a network interface link does not establish): - If the issue happened after a firmware upgrade or downgrade, it is likely a software issue, in which case RMA will not resolve the issue. Open a support ticket to troubleshoot the link issue. Consider reverting to the previous firmware and configuration to maintain connectivity, as shown in Technical Tip: Selecting an alternate firmware for the next reboot.
- Verify the issue also occurs with a known good cable/transceiver.
- If the device is in production, review the steps below and schedule a maintenance window to perform an HQIP test with local access to the firewall.
- Take a current configuration backup with a super_admin administrator account and verify console access to the FortiGate.
- Factory reset the firewall, see Technical Tip: How to reset a FortiGate with the default factory settings/without losing management access.
- Perform an interactive HQIP test following the article Technical Tip: RMA - HQIP test (with built-in FortiOS diagnostic commands) and collect the output. Note that the test is interactive and requires connecting the FortiGate to itself using known good Ethernet cables.
- Take a picture showing the port connected, either back-to-back with the FortiGate or to another device. The picture should show the link light.
- If the device is in production, restore the firewall configuration and reconnect it to the network.
- Open a ticket with HQIP test result and responses collected so far. Provide troubleshooting contact details and availability in case live troubleshooting is needed.
Device boots but has another suspected hardware issue: Open a ticket with the diagnostics taken so far and the HQIP test result if applicable. A remote session with FortiGate support will likely be required, provide troubleshooting contact details and availability. For live help, call Fortinet Support. Common False Positive: Device boots, but intermittently hangs until manually power cycled - Review the system event log (from the System Events log page).
- Note the time of known outages.
- Collect the output of 'execute tac report'.
- Take a configuration backup.
- Open a support ticket for initial troubleshooting as a potential memory issue. See this article: Troubleshooting Tip: How to do initial troubleshooting of high memory utilization issues (conserve mode). Provide troubleshooting contact details and availability in case live troubleshooting is needed.
Common False Positive: Device boots, but intermittently reboots. - Connect to the firewall console port with a computer for long-term monitoring. See this article: Troubleshooting Tip: How to deal with a Kernel panic.
- Verify there is no automation stitch to reboot the FortiGate, for example, see this article: Troubleshooting Tip: Potential Reason for FortiGate intermittently rebooting without major hardware or software issue.
- Take a configuration backup.
- Open a support ticket for initial troubleshooting as a potential kernel panic issue. If possible, include console output at the time of the issue. Provide troubleshooting contact details and availability in case live troubleshooting is needed.
Related documents: Technical Guide: How to perform an RMA replacement of a FortiGate Technical Tip: FortiCompanion to RMA Services Technical Tip: High availability split brain
Real-time file system integrity checking Troubleshooting Tip: Memory Conserve Mode after upgrading to FortiOS v7.6.6 due to large number of 'http_authd' daemons Technical Tip: FortiGate-70G/71G experiencing unexpected reboots after upgrading to FortiOS v7.6.5 or later (known issue) |
