Skip to main content
Mandalorian
Mandalorian
Explorer III
May 21, 2025
Solved

Fortigate 80F issue with shared-port speed 100 Mbps

  • May 21, 2025
  • 5 replies
  • 4287 views

Hello everyone!

I am having this problem with my FGT 80F release 7.6.2F build 3462, using a Fortinet SFP model FN-TRAN-SX.
Below is my environment:
- The device connected on the WAN 2 interface only supports speed 100 full.
- Whether connected via copper or fiber the WAN 2 interface is always set speed to 100 full.

- The device connected on the WAN 2 has only one fiber NIC. The connection to WAN2 copper interface is made through media converter.

Fault description

 

In the current release, the device connected on WAN2 is only seen if it is connected in copper, while the WAN2 interface in fiber remains switched off even if we disconnect the copper cable in the branch, following output when only fiber cable is connection on WAN2 interface

 

FGT-80F-1 # diagnose hardware shared-port wan2

Get nic name: wan2 medium type 2, Copper

 

even in the case of both cables disconnected on WAN2 the output of the following command does not change, as per your documentation (ART ID 333930) we expected “AUTO” as output.
Instead we have this output:

 

FGT80F-1 # diagnose hardware shared-port wan2

Get nic name: wan2 medium type 2, Copper

 

Instead, by downgrading the device to release 7.6.0F (3401), the WAN2 Fiber interface (set speed 100full) goes up correctly but does not communicate with the device connected to it.

Connecting the copper cable in 7.6.0, it is not seen by the device at all.

From official Fortinet documentation it appears that the BUG ID 1075585 (Shared copper WAN1 and WAN2 ports remain down when the interface speed is set to 100full) has been fixed as of version 7.6.1

 

Thank everyone in advance!

FortiGate

    Best answer by Mandalorian

    Hi @HarryTran !

    We have solved the problem !
    Now the LAN device directly connected to Fortigate is accessible and visible in the ARP Table.


    Last time, I told you that we had tested a new Fortinet SFP (again, model FN-TRAN-SX), fiber cables, and another LAN device.
    The decisive test was to change the SFP brand, no longer using the official Fortinet one that I had mentioned in previous communications.
    The SFP used is a FINISAR model FTLF1217P2BTL (I am attaching the manufacturer's datasheet).

     

    https://shop.fiber24.net/FOSF-FI-FTLF1217P2BTL/en?pk_kwd=;&pk_campaign=&gad_source=1&gad_campaignid=22016130164&gbraid=0AAAAAD7xBtvKuAER42bDLyl38fMpM2Bq4&gclid=Cj0KCQiAq7HIBhDoARIsAOATDxBD8MWyWQG8AqxaHep8mSOeFlOuaz3Xx4xMpdXJJ-Ztg0QoWcW4EkIaAse5EALw_wcB 


    Please let me know if I must purchase the Fortinet SFP model FN-TRAN-FX (100 Mb) and cannot use the FN-TRAN-SX (1Gb) ? that I already have.

    Datasheet Fortinet SFP.jpg

     



    I look forward to hearing from you.

    Best Regards

     

    5 replies

    HarryTran
    Staff
    HarryTran
    Staff
    May 21, 2025

    Hi @Mandalorian,
    Thanks for your information.
    I'll double check.
    Regards,
    Harry

      Mandalorian
      MandalorianAuthor
      Explorer III
      May 22, 2025

      Hi @HarryTran,
      We look forward to your feedback.
      Let me know if you need further information.

      Best regards

      HarryTran
      Staff
      HarryTran
      Staff
      May 22, 2025

      Hi Mandalorian,
      The issue has been raised to relevant team for investigation.

      Thanks again for your information.


      Regards,
      Harry

        Mandalorian
        MandalorianAuthor
        Explorer III
        June 3, 2025

        Hi @HarryTran,
        Have you had any updates from the team ?

        Best Regards

        Mandalorian
        MandalorianAuthor
        Explorer III
        October 16, 2025

        Hi @HarryTran,
        After some time, we were able to test what you suggested, but the problem persists.
        The Fortigate in question is running version 7.6.2F build 3462, but even forcing the SFP into fiber mode (with the command you suggested) doesn't recognize the connected device, and the arp table doesn't update.
        Please note that the device only supports 100 full speeds.

        We recently also tried the subsequent releases 7.6.3F build 3510 and 7.6.4F build 3596, but the symptoms remain unchanged.

        Finally, we also tested other fiber cables, SFPs, and another identical device to rule out any other causes.

         

        Best Regards

        HarryTran
        Staff
        HarryTran
        Staff
        October 16, 2025

        Hi @Mandalorian,

        Thank you so much for the update — really appreciate it! :smiling_face_with_smiling_eyes:

        Could you please let me know which SFP model you’re using?
        Also, when you have a moment, could you try running the following command and share the output?
           get system interface transceiver portxx
        That’ll help me double-check the issue from my side and make sure we’re on the same page.


        Warm regards,
        Harry

          Mandalorian
          MandalorianAuthor
          Explorer III
          October 17, 2025

          Hi @HarryTran,
          Thank you for your prompt response. In the meantime, I can provide you the installed SFP specification and the WAN2 interface configuration.

          Official FORTINET SFP model GBIC FN-TRAN-SX

          FGT80F-1# show system interface wan2

          config system interface

              edit "wan2"

                  set vdom "root"

                  set ip 192.168.100.1 255.255.255.0

                  set allowaccess ping snmp

                  set type physical

                  set device-identification enable

                  set lldp-transmission enable

                  set role lan

                  set snmp-index 2

                  set speed 100full

           

          The output you requested will follow in the next few days.

          Best Regards
          "This is the way"

          HarryTran
          Staff
          HarryTran
          Staff
          October 22, 2025

          Thanks @Mandalorian 

          Let me double check and keep you updated.

            Mandalorian
            MandalorianAuthor
            Explorer III
            October 23, 2025

            Hi @HarryTran,
            Just to remind you, the device connected to WAN 2 has only one network card and only has a fiber connection, supporting only 100 speeds, not auto. Furthermore, by connecting the same device on WAN 2 (Shared port RJ45) with mediaconvert (Fiber to Copper), we can see the Fortigate ARP Table populated, as I mentioned in my previous posts.

            HarryTran
            Staff
            HarryTran
            Staff
            October 24, 2025

            Hi Mandalorian,

             

            I double-checked on my side, and it’s working fine for me.
            From your screenshot, it looks like WAN2 is running in full-duplex mode — could you verify the duplex setting on the opposite end as well?
            Below are the exact steps I used for my test; hopefully, this information will help you reproduce the same results.


            FortiGate-81F # show system interface wan2
            config system interface
            edit "wan2"
            set vdom "root"
            set ip 10.255.1.200 255.255.255.0
            set allowaccess ping https ssh http
            set type physical
            set role wan
            set snmp-index 2
            set speed 100full
            next
            end

             

            After setting the speed at 100M, the medium mode is: copper.
            Change the medium to fiber: diagnose hardware shared-port wan2 fiber

            FortiGate-81F # get system interface physical wan2
            == [onboard]
            ==[wan2]
            mode: static
            ip: 10.255.1.200 255.255.255.0
            ipv6: ::/0
            status: up
            speed: 100Mbps (Duplex: full)
            medium: fiber
            FEC: none
            FEC_cap: none

             

            FortiGate-81F # exe ping 10.255.1.2
            PING 10.255.1.2 (10.255.1.2): 56 data bytes
            64 bytes from 10.255.1.2: icmp_seq=0 ttl=64 time=1.2 ms
            64 bytes from 10.255.1.2: icmp_seq=1 ttl=64 time=0.5 ms
            64 bytes from 10.255.1.2: icmp_seq=2 ttl=64 time=0.5 ms

             

            FortiGate-81F # diagnose hardware deviceinfo nic wan2
            Description :FortiASIC NP6XLITE Adapter
            Driver Name :FortiASIC NP6XLITE Driver
            Board :81F
            lif id :1
            lif oid :65
            netdev oid :65
            Current_HWaddr 84:39:8f:99:e0:ad
            Permanent_HWaddr 84:39:8f:99:e0:ad
            ========== Link Status ==========
            Admin :up
            netdev status :up
            autonego_setting :0
            link_setting :1
            speed_setting :100
            duplex_setting :1
            Speed :100
            Duplex :Full
            link_status :Up
            ============ Counters ===========

             

            On switch side:

             

            S124EP5919008695 # diagnose switch physical-ports summary | grep port25
            port25 up 8100 1 full 100M , , none

             

            S124EP5919008695 # get switch modules detail port25
            ____________________________________________________________
            Port(port25)
            identifier SFP/SFP+
            connector LC
            transceiver 10G-Base-SR
            encoding 64B/66B
            Length Decode Common
            length_smf_1km N/A
            length_cable N/A
            SFP Specific
            length_smf_100m N/A
            length_50um_om2 80 meter
            length_62um_om1 30 meter
            length_50um_om3 300 meter
            vendor Fortinet
            fortinet_pn P24852-01
            vendor_oid 0x009065
            vendor_pn FTLX8574D3BCLFTN
            vendor_rev
            vendor_sn N4CC3CL
            manuf_date 09/30/2020


            S124EP5919008695 # exe ping 10.255.1.200
            PING 10.255.1.200 (10.255.1.200): 56 data bytes
            64 bytes from 10.255.1.200: icmp_seq=0 ttl=255 time=0.7 ms
            64 bytes from 10.255.1.200: icmp_seq=1 ttl=255 time=0.6 ms
            64 bytes from 10.255.1.200: icmp_seq=2 ttl=255 time=0.8 ms
            64 bytes from 10.255.1.200: icmp_seq=3 ttl=255 time=0.6 ms
            ^C
            --- 10.255.1.200 ping statistics ---
            4 packets transmitted, 4 packets received, 0% packet loss
            round-trip min/avg/max = 0.6/0.6/0.8 ms

            Regards,

            Harry

              Terms & ConditionsAccessibility statement