Skip to main content
pgregor
pgregor
New Member
October 9, 2019
Question

Fortigate 60E - dropping internet connection

  • October 9, 2019
  • 1 reply
  • 23433 views

Hi, we have Fortigate 60E.

Last two months we have problem with unexpected breaking of 60E operation.

It breaks all traffic for few minutes and after that it starts operating (no admin action is required).

 

We have small office with up to 15 PCs and up to 20 virtual servers within our intranet. 

 

We have 2 internet connections and there is no problem with ISPs.

Both lines are stable with no outages.

The first internet line is about 20Mbit the second one is 5Mbit. 

The problem with Fortigate occures only if we use first (20Mbit) line.

 

If I disconnect WAN during the time of Fortigate outage and immediatelly I connect it back to Fortigate,

the Fortigate outgage is solved.

 

Thanks for any idea.

 

Petr

 

 

    1 reply

    Dave_Hall
    Dave_Hall
    New Member
    October 9, 2019

    Have you configured the two ISP connections under SD-WAN?  Have you set the ingress/egress values on both ISP connections? Does the Bandwidth history graph for the 20Mbit line show the connection being maxed out (what about the 5 Mbit line)?  What does FortiView shows which devices are using up most of the bandwidth?   Have you checked for duplex/speed mismatch or line cable issues?  (e.g. perform diag hardware deviceinfo nic <interface name> on the CLI and check for errors - perform the diag test again in a few mins if there are errors and see if the counters increase.)

     

     

    emnoc
    emnoc
    New Member
    October 9, 2019

    Also double check speed/duplex, just had this issue in a 60D where the ISP changed hardware and the FGT-nic would reset like every 9-12 mins. I had to lock the speed/duplex

     

    Ken Felix

    pgregor
    pgregorAuthor
    New Member
    October 10, 2019

    The ISPs are under SD-WAN. The main is 20Mbit line. When it is down, then 5Mbit line is switched (and back).

    There is no error in diag commands (wan1 is 5Mbit, wan2 20Mbit).

     

    We used the second ISP because of the main line was often down.

    When 5Mbit is used alone then no problem occurres.

     

    How to lock the speed/duplex? On interface wan?

    We have set Traffic Shapers only.

     

    Petr

     

    Info:

    FG-Orsia # dia hardware deviceinfo nic wan1
    Description :FortiASIC NP6LITE Adapter
    Driver Name :FortiASIC NP6LITE Driver
    Board :60E
    lif id :0
    lif oid :64
    netdev oid :64
    tx group :1
    Current_HWaddr e8:1c:ba:75:f7:d2
    Permanent_HWaddr e8:1c:ba:75:f7:d2
    ========== Link Status ==========
    Admin :up
    netdev status :up
    autonego_setting:1
    link_setting :1
    speed_setting :10
    duplex_setting :0
    Speed :1000
    Duplex :Full
    link_status :Up
    ============ Counters ===========
    Rx Pkts :16466947
    Rx Bytes :14658704761
    Tx Pkts :12558736
    Tx Bytes :2655143521
    Host Rx Pkts :7674970
    Host Rx Bytes :6527220133
    Host Tx Pkts :5883525
    Host Tx Bytes :663989880
    Host Tx dropped :0
     
    FG-Orsia # dia hardware deviceinfo nic wan2
    Description :FortiASIC NP6LITE Adapter
    Driver Name :FortiASIC NP6LITE Driver
    Board :60E
    lif id :1
    lif oid :65
    netdev oid :65
    tx group :2
    Current_HWaddr e8:1c:ba:75:f7:d3
    Permanent_HWaddr e8:1c:ba:75:f7:d3
    ========== Link Status ==========
    Admin :up
    netdev status :up
    autonego_setting:1
    link_setting :1
    speed_setting :10
    duplex_setting :0
    Speed :1000
    Duplex :Full
    link_status :Up
    ============ Counters ===========
    Rx Pkts :12498696
    Rx Bytes :10747982776
    Tx Pkts :9288245
    Tx Bytes :1628554518
    Host Rx Pkts :6966142
    Host Rx Bytes :5388007857
    Host Tx Pkts :4686829
    Host Tx Bytes :759243061
    Host Tx dropped :0
    Terms & ConditionsAccessibility statement