Maxim_Vanichkin
Visitor III
December 24, 2015
Solved

Strange behavior of FG-300D and FortiOS 5.4


Hi!

 

Guys, I got some problems with the new firmware. I use an FG300D with FortiOS 5.4. Dial-in IPsec is configured on it. Everything worked fine until now. All tunnels are hung up. All services are blocked except port forwarding, so I could connect to PuTTY's serial console. There are a lot of messages such as "unregister_netdevice: waiting for IPSec NAT_6 to become free. Usage count = 1".

 

I can't even execute a reboot. The system just wrote that it is going to reboot, bye-bye, and just continues to post those error messages about netdevice. The FG is situated in the data center, so I am unable to just switch it off and on...

 

I'm just in a jam... any help is highly appreciated... Thanks!

 



Maxim_Vanichkin
Visitor III
December 25, 2015

Update. After a power recycle everything looks good.

Maxim_Vanichkin
Visitor III
December 25, 2015

fuf... problem is back...

Again can't get into the web interface, and plenty of warnings:

unregister_netdevice: waiting for IPSec NAT_6 to become free. Usage count = 2
unregister_netdevice: waiting for IPSec NAT_3 to become free. Usage count = 4
unregister_netdevice: waiting for IPSec NAT_1 to become free. Usage count = 18
unregister_netdevice: waiting for IPSec NAT_6 to become free. Usage count = 2
unregister_netdevice: waiting for IPSec NAT_3 to become free. Usage count = 4
unregister_netdevice: waiting for IPSec NAT_1 to become free. Usage count = 18
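
For triaging a saved console capture that contains the warnings quoted above, the following is an added example, not part of the original post or any Fortinet tooling. The function names, the repeat threshold and the sample capture (constructed from the lines in the post) are assumptions.

```python
import re
from collections import defaultdict

# Message format as quoted in the thread; interface names may contain spaces.
PATTERN = re.compile(
    r"unregister_netdevice: waiting for (?P<iface>.+?) to become free\. "
    r"Usage count = (?P<count>\d+)"
)

def summarize(capture, min_repeats=2):
    """Return {iface: {repeats, last_count, max_count, stuck}} for a capture."""
    stats = defaultdict(lambda: {"repeats": 0, "last_count": 0, "max_count": 0})
    # finditer also handles several messages run together on one line,
    # which is how serial console output often ends up when pasted.
    for m in PATTERN.finditer(capture):
        entry = stats[m["iface"]]
        count = int(m["count"])
        entry["repeats"] += 1
        entry["last_count"] = count
        entry["max_count"] = max(entry["max_count"], count)
    for entry in stats.values():
        # Assumption: a message seen min_repeats times or more with a
        # non-zero count means the interface is not being released.
        entry["stuck"] = entry["repeats"] >= min_repeats and entry["last_count"] > 0
    return dict(stats)

def stuck_interfaces(capture, min_repeats=2):
    """Names of stuck interfaces, highest usage count first."""
    stats = summarize(capture, min_repeats)
    stuck = [name for name, entry in stats.items() if entry["stuck"]]
    return sorted(stuck, key=lambda name: -stats[name]["max_count"])

# Constructed sample: message text taken from the post, layout invented.
SAMPLE = (
    "unregister_netdevice: waiting for IPSec NAT_6 to become free. Usage count = 2 "
    "unregister_netdevice: waiting for IPSec NAT_3 to become free. Usage count = 4\n"
    "unregister_netdevice: waiting for IPSec NAT_1 to become free. Usage count = 18\n"
    "some unrelated console line\n"
    "unregister_netdevice: waiting for IPSec NAT_6 to become free. Usage count = 2\n"
    "unregister_netdevice: waiting for IPSec NAT_1 to become free. Usage count = 18\n"
)

if __name__ == "__main__":
    for name in stuck_interfaces(SAMPLE):
        print(name, summarize(SAMPLE)[name])
```
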

emnoc
New Member
December 26, 2015

Open a ticket with TAC or downgrade from FortiOS 5.4.

 

cpetry
Answer
New Member
April 12, 2016

It's a bug in 5.4.0.  I have a long thread about this happening on my 1500D's that are in HA.  You can't use IPSec VPN Dialup right now; use SSL only.  Until they fix the bug in 5.4.1.

 

Note: Exact same IPSec error messages we were seeing.  Escalated to level 3 support which confirmed the bug.

 

Edit: Technically it happens anytime you *remove* an interface.  When a user disconnects from IPSec VPN Dialup it removes an interface and the bug surfaces.  So don't use IPSec VPN Dialup and don't remove interfaces for now (yeah I know...)

tanr
New Member
July 14, 2016

I know this is an old thread, but it looks like others have seen the issue as well (https://forum.fortinet.com/tm.aspx?m=138192).

 

Does anybody have a bug number for this?  Anybody confirmed if it is fixed in 5.4.1?

 

Thanks.

ecsupport
New Member
November 21, 2016

Any confirmation of this being resolved in 5.4.2? Sooooo many Resolved and Known issues, couldn't really tell. Besides, the 11/17 relnotes show two RESOLVED issues getting yanked back into known! Ay!