Skip to main content
bhoot960
bhoot960
New Member
March 13, 2025
Question

Fortinet Crash - 7.4.7

  • March 13, 2025
  • 4 replies
  • 4777 views

Recently upgraded my firewall fleet (about 15 60f's, 2 100f's)

We're experiencing a crash of some sort every 2-4 days.

Of course a ticket has been opened and they're working it, albeit very very slowly. Pretty disappointed in their lack of urgency and overall continued lack of code quality.

The crash debug logs from the console session has:

NP6XLITE: __np6xlite_tunmgr_write:61 timeout

Not sure if anyone has seen this or knows anything about this issue ---- we're experiencing a high impact when this crash occurs, of course.

4 replies

AEK
SuperUser
AEK
SuperUser
March 15, 2025

As a troubleshooting step you may try disable the np6xlite processors for a couple of days just to see the behavior.

https://docs.fortinet.com/document/fortigate/7.4.7/hardware-acceleration/246096

Do it for every processor id.

This may add load to your CPU, so you need to monitor your CPU while the NP processors are disabled.

AEK
    SChundandavida
    SChundandavida
    Visitor III
    March 17, 2025

    We are also experiencing the similar issues, every 2-3 days the active primary gets restarted ever since upgrade to 7.4.7.

    the last reboot reason shows as power cycle

    system events in the device shows "Fortigate had experienced an unexpected power off!"
    Comlog log says as below (https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-the-COMLog-feature/ta-p/195390)
    Kernel panic - not syncing: Fatal exception in interrupt
    Rebooting in 5 seconds..

      Kangming
      Staff
      Kangming
      Staff
      March 17, 2025
      Customer Facing Description High CPU peak issue after upgrading to versions higher than the following ones:
      7.0.16, 7.0.17, 7.2.11, 7.4.6 or 7.4.7
          Workaround To disable IPsec phase1 npu-offload during the maintenance window

      FW1 #config vpn ipsec phase1-interface
      FW1 (phase1-interface) # edit <Phase1 Name>
      FW1 # set npu-offload disable
      FW1# end
          Trigger Condition np6xlite(soc4), np6lite(soc3) and np7lite(soc5) can all be affected.
      SecrIT
      SecrIT
      New Member
      March 17, 2025

      Hopefully Fortinet finds and resolves the bug as more and more customers of ours are running into this bug and forcing us to take the devices out of production and revert to previous vendors gear.

      Kangming
      Staff
      Kangming
      Staff
      March 18, 2025

      Dear customer, Our dev has investigated and made a code fix, which is expected to be resolved in the next GA version. I've reported your situation to the Dev and QA teams thanks for your feedback.

        SChundandavida
        SChundandavida
        Visitor III
        March 19, 2025

        Thanks, what is the tentative date set for next release?

        Terms & ConditionsAccessibility statement