Skip to main content
Magnitude_8
Magnitude_8
Explorer
January 7, 2025
Question

FortiExtender stops working on FortiOS 7.4.6

  • January 7, 2025
  • 4 replies
  • 7290 views

I've discovered what looks like a bug in FortiOS 7.4.6 and am posting this in case anyone else runs into the same issue. It's not currently listed as a known issue in the release notes.

 

After upgrading to FortiOS 7.4.6 on our FortiGate-80F firewalls, the connected FortiExtender stops working. The FortiExtender goes offline on the FortiGate. You can't re-authenticate the FortiExtender and if you delete it you can no longer add it again. This looks like a CAPWAP bug.

 

This is reproduceable on FortiGate-80F firewalls and downgrading to FortiOS 7.4.5 resolves the issue. FortiGate-60F doesn't seem to be affected and I haven't tested any other models.

 

I've logged a case with Fortinet so hopefully it appears as a known issue soon.

    4 replies

    Jean-Philippe_P
    Staff & Editor
    Jean-Philippe_P
    Staff & Editor
    January 10, 2025

    Hello Magnitude_8,

     

    Thanks for the information, I think it will be useful for a lot of people!

     

    Jean-Philippe - Fortinet Community Team
    Magnitude_8
    Magnitude_8Author
    Explorer
    January 11, 2025

    Turns out FortiOS 7.4.6 works fine with older Extender firmware. I’ve logged a ticket with support and it has been escalated. Will update when I have more information. 

      Kangming
      Staff
      Kangming
      Staff
      January 11, 2025

      Thanks @Magnitude_8,

      We can reproduce it in the lab. Bug 1114550 has been reported and Dev is investigating.


      The workaround found so far is:
      Reboot FortiExtender manually and the status can be restored to online after upgrading FGT from V7.4.5GA to V7.4.6GA.

        Godfreyagr
        Godfreyagr
        New Member
        January 11, 2025

        I am also running FGT 120G v7.4.6 and fortiextender 7.2.3 the fortiextender can be discovered by FGT but it is not able to provide Lan extension IP address to the Lan ports on the fortiextender therefore whoever connects to the fortiextender they are not able to access any network as the fortiextender Lan interface still shows 0.0.0.0/0. I have upgraded the fortiextender to 7.4.6 still getting the same error. I also cannot deauthiroze the fortiextender 

          Magnitude_8
          Magnitude_8Author
          Explorer
          January 13, 2025

          I suspect that there are problems with FortiExtender when using either FortiOS 7.4.6 on the FortiGate or FortiExtender firmware 7.4.6. I've tried multiple combinations of firmwares and some work and others don't. Sorry, I've lost track.

          I also found that a FortiGate HA cluster is somehow related. FortiOS 7.4.6 and Extender 7.4.6 work for me if one of my HA nodes is off but stops working once the secondary node comes up.

            IrshadK
            IrshadK
            New Member
            March 25, 2025

            HA and LACP Stops Working - v7.4.6 And v7.4.7

             

            I have observed the same problems with HA and LACP with versions v7.4.6 and v7.4.7 on platform FGT601F. It will work for some hours, then the network will be completely gone, total outage.

             

            Upon checking the logs from Core-Switches, we have observed that the LACP ports are suspended from the EtherChannel due to no LACP packets from FortiGate. This can be resolved by configuring LACP static/on at both switch and firewall ends.

             

            Again another problem faced, HA. The logs state that HA-packets missed on both configured HA-ports, and switching to active.

             

            Once reverted back to previous running version v7.2.10, everything started working fine.

             

            It seems like FortiGate stops sending packets like, HA-hellos, LACP hellos, etc.

            Terms & ConditionsAccessibility statement