Skip to main content
amiedzowicz
amiedzowicz
New Member
March 9, 2022
Question

Fortigate dropping traffic after a routing table change

  • March 9, 2022
  • 1 reply
  • 2650 views

I'm currently testing Fortigate version 7.0.5 in a GNS3 lab using the KVM image with an evaluation license and built a simple scenario with a LAN and a WAN connected to a simulated internet.

I've noticed that everything works OK but the moment I make any manual change to the routing table which could be adding/deleting static routes or even disabling an existing route, the next thing that happens is that all traffic is silently dropped.

Flow debugs show that the process gets to the point where it finds the route out but then nothing else happens, it doesn't even match the default implicit deny policy (ID 0). If I reboot the fortigate VM at that moment without making any further changes, everything starts working again until I make another routing table change and I need to reboot the VM to let traffic through.

 

Does anyone know if this is a behaviour that happens also in a physical Fortigate or the VMWare appliance? Maybe it has to do with the fact that I'm using an evaluation license or using GNS3 to test and it won't happen in production but, at the moment, it's concerning and I'm not sure if upgrading to 7.0.5 is a good idea

 

Thanks!

1 reply

Debbie_FTNT
Staff & Editor
Debbie_FTNT
Staff & Editor
March 10, 2022

Hey :)

I'm not sure what's happening with your FortiGate; I'm not aware of any issues causing FortiGate to freeze traffic-handling completely when routing changes occur.

What *should* be happening is that all sessions are marked as dirty, meaning they need to be evaluated through their policies again.

The VM model or evaluation licence should NOT be causing this behavior.

I don't know what troubleshooting you did already - such as check the crashlog?

With an evaluation licence, you should also be able to reach out to Technical Support for some in-depth assistance to see what's happening.

amiedzowicz
amiedzowiczAuthor
New Member
March 15, 2022

Thanks for the reply. I did some more testing and it looks like it's a glitch with GNS3. I have two Fortigates in my simulated lab and the moment I make a routing table change in one of them, it stops processing traffic. However, when I make a routing table change on the other one, the first one starts allowing traffic again so it must be a problem with GNS3

Terms & ConditionsAccessibility statement