Skip to main content
AfonsoAndrade
AfonsoAndrade
New Member
January 9, 2017
Question

Problem with LinkMonitor

  • January 9, 2017
  • 1 reply
  • 37548 views

Helo, I am with problem with link monitor in the FGT 100D 5.2.9. I did in of all, but the FGT no identify link is down.

 

Test:

### I disconnected the cable in the port1

 

# config system link-monitor edit "Link1" set srcintf "port1" set server "8.8.8.8" "200.221.2.45" set timeout 5 set failtime 3 set recoverytime 3 set update-cascade-interface disable next edit "Link2" set srcintf "wan1" set server "8.8.8.8" "200.221.2.45" set timeout 5 set failtime 3 set recoverytime 3 set update-cascade-interface disable next edit "Link3" set srcintf "wan2" set server "8.8.8.8" "200.221.2.45" set timeout 5 set failtime 3 set recoverytime 3 set update-cascade-interface disable next end

 

 

# diag test application lnkmtd 3 now_jiffies=448297941 'dmz': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'ha1': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'ha2': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'mgmt': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'modem': link=no, brought_up=0, brought_down=0, signal_sent=0, broughtup_jiffies=0, broughtdown_jiffies=0 'port1': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=297687, broughtdown_jiffies=0 'port10': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port11': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port12': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port13': link=ok, brought_up=0, brought_down=0, signal_sent=0, broughtup_jiffies=0, broughtdown_jiffies=0 'port14': link=ok, brought_up=0, brought_down=0, signal_sent=0, broughtup_jiffies=0, broughtdown_jiffies=0 'port15': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port16': link=ok, brought_up=0, brought_down=0, signal_sent=0, broughtup_jiffies=0, broughtdown_jiffies=0 'port2': link=no, brought_up=0, brought_down=0, signal_sent=0, broughtup_jiffies=0, broughtdown_jiffies=0 'port3': link=no, brought_up=0, brought_down=0, signal_sent=0, broughtup_jiffies=0, broughtdown_jiffies=0 'port4': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port5': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port6': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port7': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port8': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'port9': link=no, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=3171, broughtdown_jiffies=0 'wan1': link=ok, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=295287, broughtdown_jiffies=0 'wan2': link=ok, brought_up=1, brought_down=0, signal_sent=0, broughtup_jiffies=296487, broughtdown_jiffies=0 lnkmtd::ping_epoll_callback(142): ping response 10.50.50.2, buf-sz=28

 

# get system link-monitor

== [ port1] name: WCS timeout: 5 == [ wan1] name: GVT timeout: 5 == [ wan2] name: CTBC timeout: 5

 

# diagnose sys link-monitor interface port1

Interface(port1): state(up, since Wed Jan 4 16:07:38 2017 ), bandwidth(27236), session count(0) latency(0.00), jitters(0.00).

 

# diagnose sys link-monitor st

PORT1 Status: alive Create time: Wed Jan 4 16:07:38 2017 Source interface: port1 (7) Source IP: XXX.XXX.XXX.170 Gateway: XXX.XXX.XXX.169 Interval: 5, Timeout 5 Fail times: 0/3 Send times: 0 Peer: 200.221.2.45(200.221.2.45) Source IP(XXX.XXX.XXX.170) protocol: ping, state: alive Latency(recent/average): 0.00/0.00 ms Jitter: 0.00 Recovery times(0/3) Continuous sending times after the first recovery time 0 Packet sent: 0 Packet received: 0 Peer: 8.8.8.8(8.8.8.8) Source IP(XXX.XXX.XXX.170) protocol: ping, state: alive Latency(recent/average): 0.00/0.00 ms Jitter: 0.00 Recovery times(0/3) Continuous sending times after the first recovery time 0 Packet sent: 0 Packet received: 0

 

-----------------------------------------------------------------------------------

 

the last time that i had this error, i removed the config at linkMonitor, reboot the FGT and I did configuration the linkMonitor again. After that, It came back work. But the problem retorn with the time.

    1 reply

    emnoc
    emnoc
    New Member
    January 9, 2017

    dumb questions

     

    1: is port1  really up

     

    2: does it have a  routes install on it

     

    3: can you set the source-ip and next-hop

     

    4: have  query the logs and the logdesc 

     

    e.g

     

     execute  log  filter  field  logdesc "Link monitor status"

     execute  log  filter  cat 1

     execute log dis

     

     

    AfonsoAndrade
    AfonsoAndradeAuthor
    New Member
    January 10, 2017

    1: is port1  really up

    --- Now It is UP, but when it down the status no change.

     

    2: does it have a  routes install on it

    ---- Yes, It has. I have 3 links and that link has very router.

    ---- in the test up I executed the command line "execute route restart". after I remove the cable in the port1.

     

    3: can you set the source-ip and next-hop

    ---- Excuse, but I didn't understand. Do you want a test "execute ping-options source" ?

    ---- Look bellow, Is that?

    edit "port1" set vdom "root" set mode static set dhcp-relay-service disable set ip XXX.XXX.XXX.170 255.255.255.248 set allowaccess ping https ssh snmp capwap set fail-detect disable set arpforward enable set broadcast-forward disable set bfd global set l2forward disable set icmp-redirect enable set vlanforward enable set stpforward disable set ips-sniffer-mode disable set ident-accept disable set ipmac disable set subst disable set status up set netbios-forward disable set wins-ip 0.0.0.0 set type physical set netflow-sampler disable set sflow-sampler disable set sample-rate 2000 set polling-interval 20 set sample-direction both set explicit-web-proxy disable set explicit-ftp-proxy disable set tcp-mss 0 set inbandwidth 0 set outbandwidth 0 set spillover-threshold 0 set weight 0 set external disable set description set alias "PORT1" set security-mode none set device-identification disable set lldp-transmission vdom set listen-forticlient-connection enable set broadcast-forticlient-discovery disable set vrrp-virtual-mac disable set snmp-index 1 set secondary-IP disable config ipv6 set ip6-mode static unset ip6-allowaccess set ip6-reachable-time 0 set ip6-retrans-time 0 set ip6-hop-limit 0 set ip6-address ::/0 set ip6-send-adv disable set autoconf disable set dhcp6-relay-service disable end unset dhcp-relay-ip set dhcp-relay-type regular set speed auto set mtu-override disable set wccp disable set drop-overlapped-fragment disable set drop-fragment disable

     

    edit "PORT1" set srcintf "port1" set server "8.8.8.8" "200.221.2.45" set protocol ping set gateway-ip XXX.XXX.XXX.169 set source-ip XXX.XXX.XXX.170 set interval 5 set timeout 5 set failtime 3 set recoverytime 3 set ha-priority 1 set update-cascade-interface disable set update-static-route enable set status enable

     

    4: have  query the logs and the logdesc

    ----- result: 

    0 logs found.

    0 logs returned. 6.8% of logs has been searched.

     

    I asked to remove the network cable, again. --- At Interface/port1 was change status down. --- At Log/System has the log "Link Monitor: Interface port1 was turned down --- At linkMonitor the status UP

     

    as the interface port1 is not status down in link Monitor, the firewall doesn't move the session to other port.

    emnoc
    emnoc
    New Member
    January 10, 2017

    hmm...

     

    Can you ensure logging is enabled for appliance and retest. Also it would not hurt to ensure that pings are being sent from  src x.x.x.x to the targets

     

    CLI

     

    diag sniffer packet port1 "src host XXX.XXX.XXX.170 and dust host 8.8.8.8" 4

     

    If you have no  packets being sent and on the same  interval, the LinkMon is not functional. With out a logged event  that makes it harder to isolate if the monitor is working 100% 

     

    ken

     

    Terms & ConditionsAccessibility statement