meliodes
New Member
May 6, 2022
Question

Switch blocking uplink to FG80F after 6.4.9 update

Last night I updated my FortiGate 80F from 6.4.8 to 6.4.9 and immediately lost connection to the LAN. I could still ping the FortiGate from the internet side, so on a hunch I checked the switch (a UniFi 24PoE) and noticed the port the 80F is plugged into was blocked. Disabling STP on the port makes everything work again. I'm not sure if it's a Ubiquiti problem or a FortiGate problem, but it had been running fine on 6.4.8 for months. There's only one connection between the 80F and the switch. RSTP priority on the switches is set to 4096 on the 24PoE and 8192 on a couple of downstream switches. I skimmed the release notes for 6.4.9 and nothing stood out that might cause this kind of issue... any ideas?

9 replies

New Contributor III
May 9, 2022

Hello meliodes,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Fortinet Community Team

New Contributor III
May 9, 2022

Hi meliodes,

That issue would require in-depth investigation, and it would be best for you to create a support ticket to find the root cause.

Hope this helps!

Regards

RJ

Jeffcander
New Member
June 9, 2022

I have come across the same issue.  Did you ever get this resolved?

jweisz
New Member
June 13, 2022

This just took down our entire network. I can't find any mention of spanning tree in the release notes for 6.4.9, and a technical tip in 2020 claims that FortiGates don't participate in STP, but... apparently they do now? You can switch STP off on the FortiGate interface, and you should be back in business.

alif
Staff
June 13, 2022

Hello @meliodes,

Please check if STP is enabled on the port that is connecting to the UniFi switch.

    config system interface
    edit <interface_name>
    show full | grep stp

If the above output shows STP is enabled, then this could be the reason that you lost access to the LAN.

jweisz
New Member
June 13, 2022

@alif The issue in this case is not that STP is enabled (obviously, it is for this issue to occur). The issue is that STP was enabled (no config change) in 6.4.8, and did not cause this issue. So something about the 6.4.9 release changed STP functionality, and I don't see anything documented in the release notes. I am unsure if STP was just broken in 6.4.8, and 6.4.9 fixed it, or if some other change adjusted how STP determines if it believes there's a loop.

Fortinet needs to identify and document the related change.

alif
Staff
June 13, 2022

I did find an internal Engineering ticket that has a similar issue reported after firmware upgrade from 6.4.8 to 6.4.9. It's still being investigated and currently no fix is available.

MattPolichany
New Member
June 16, 2022

I'm having this issue as well on 7.2.0

Altice
New Member
August 31, 2022

Any update about this issue? I have exactly the same problem... The same version 6.4.9 on other equipment.

alif
Staff
September 3, 2022

The issue has been resolved in FortiOS 6.4.10.

It's mentioned in the "Resolved issues" section of FortiOS 6.4.10 release notes.

809366 - FG-40F with STP enabled on a hardware switch creates a loop after upgrading to 6.4.9.

https://docs.fortinet.com/document/fortigate/6.4.10/fortios-release-notes/289806/resolved-issues

syordanov
Staff
September 5, 2022

Hello meliodes,

I think you are hitting bug No 0809366, which is fixed in 6.4.10.

dovid
New Member
May 7, 2023

I am not sure if this is related but I seem to be having this issue in 7.0.11. I am using a FWF-40F. It only happens when using a software switch. When I use a physical interface there is no problem. When I do a tcpdump on the interface that is associated with the software switch I see a bunch of STP packets coming out of the Fortinet device.