tnxxxx59
Explorer II
January 6, 2025
Question

Fortigate Interface Disconnected Frequency


Dear All,

 

I have a strange problem. I have 2 FortiGates running HA (A-P), with 2 internet connections (internet leased lines).

Line 01 is working well, but line 2 flaps down for around 30 seconds, at an interval of ~30 minutes. While this is happening, I cannot ping this public IP address from outside, and also cannot ping the internet using this source IP.

Between the FWs and the ISP, I have switches to share the internet line. I checked for packet drops on the switch, and did not see any dropped-packet stats.

(FW FGT  <--> SW L2 <--> ISP)

Have any of you seen the same problem?

 

Thank you !


funkylicious
SuperUser
January 6, 2025

Hi,
In the logs on the FW and SW, what do you see in the logs about the interface in question when it flaps?

"jack of all trades, master of none"
tnxxxx59 (Author)
Explorer II
January 6, 2025

Hi @funkylicious 

I checked the logs and see that link-monitor warned: link down (cannot ping 8.8.8.8)

Screenshot 2025-01-06 142641.png

 

The FW interface has a static IP and I have a default gateway.

I tried tcpdump (diagnose) on the FW, and see that when it happens, the FW can send ICMP packets out (ICMP request) but gets no ICMP reply.

Screenshot 2025-01-06 143423.png

And I cannot ping my public IP from outside, but can ping the public GW (ISP).

On the switches, I checked whether packets were dropped or not, and saw no packet drops.

 

funkylicious
SuperUser
January 6, 2025

In this case, I would contact the ISP for line02 and ask them if they are having issues for this service and RFO/ETR.

 

L.E.

Based on the link-monitor logs, the configured monitor towards the destination is not always fulfilled/reachable. You might also need to take a look at the config of the link-monitor so that it is not too 'aggressive' in interval. I think that public servers like 8.8.8.8 and others have implemented some restrictions in the recent past, and it might be a false positive if the interval is too short.

"jack of all trades, master of none"