Skip to main content
A
Anonymous_User
Contributor
June 28, 2009
Question

Connections drop randomly after upgrade.

  • June 28, 2009
  • 5 replies
  • 3990 views
Hi, After upgrading my FortiGate 60B from V3 MR7 patch 2 to a higher version (doesn' t matter which) the connections randomly drop. If I keep a ping running from internal to wan, and open a rdp connection to my home pc, all traffic stops for a moment. I tried updating and applying only a basic set of rules, but nothing works. Does anyone know a change in the software that could cause this behavior? Regards, Sander.

    5 replies

    g3rman
    g3rman
    New Member
    June 28, 2009
    Hi Sanderma, welcome to the forums. This is very unusual behaviour and has not been previously discussed as far as I am aware. Since you mention that this is a problem with various software versions I would suggest looking at all the interface settings such as speed and duplex on the firewall as well as the connected switches/routers. Sounds to me more like mismatch somewhere or a potential hardware problem with the firewall. Can you try testing between different interfaces? If there' s no difference and you can isolate the firewall by directly connecting some endpoints to each interface then I would RMA the unit.
    A
    Anonymous_UserAuthor
    Contributor
    June 29, 2009
    Since you mention that this is a problem with various software versions I would suggest looking at all the interface settings such as speed and duplex on the firewall as well as the connected switches/routers. Sounds to me more like mismatch somewhere or a potential hardware problem with the firewall.
    And indeed! The switch was set to 100 Mbit half duplex, and showed duplex errors. 
    diagnose hardware deviceinfo nic wan1
    didn' t show dropped packets, but that could be the MR7 patch 2 running (runs good). I will try to run V4 later on. Thanks for the useful tip.
    lmuir
    lmuir
    New Member
    June 29, 2009
    Same thing happened to mine after upgrade to MR7 P5. Didn' t worry too much about it since we are planning to go v4 shortly, which will hopefully not have the problem.
    A
    Anonymous_UserAuthor
    Contributor
    June 29, 2009
    g3rman, thank you for the welcome I will check the switches for errors (didn' t thought of that )
    Same thing happened to mine after upgrade to MR7 P5. Didn' t worry too much about it since we are planning to go v4 shortly, which will hopefully not have the problem.
    Well, I tried the versions 4 build 92 and 99. They both had this " problem" . Won' t give up though.
    A
    Anonymous_UserAuthor
    Contributor
    June 29, 2009
    I' d like to thank you. The connection is stable, so it seems MR7 patch 2 and before play nice with half duplex, but later versions don' t. Many thanks for the insight! Sanderma
    g3rman
    g3rman
    New Member
    June 29, 2009
    My recommendation is typically to set both devices to auto/auto and verify that they both negotiated the same parameters. If the switch was hardcoded to 100/half and the firewall was set for auto then you will run into the problems you described. The other option is to hard-code both devices. Did you know that hovering your mouse over the interfaces on the firewall status screen tells you what speed/duplex settings the interface is set to?
    A
    Anonymous_UserAuthor
    Contributor
    June 30, 2009
    Hi g3rman, Yeah, I set both devices to auto. The pix didn' t like that way back though. And I didn' t know that I could check it that way, but luckily I' m not afraid of some googling and the CLI
    Terms & ConditionsAccessibility statement