kallbrandt
New Member
March 9, 2018
Question

VIP/IP-Pools stops working - ARP issue? 800C HA, A-A, 5.2.13


Hello,

An odd error - A lot of services suddenly went offline yesterday evening at a client's datacenter. Almost nothing regarding NAT worked. Most of the VIPs were dead - The logs are empty! No traffic! (Lots of users, webpages etc. Incoming traffic 24/7.) Failing over to the other fw makes it work for a while. Same with reboots. Editing the VIP, like changing the public IP and then saving, might make it work for a while. The same with IP-Pools - Changing the pool in any way makes it work, for a while. The only outgoing NAT that actually works all the time is the interface address. All virtual addresses are totally unreliable. No strange traffic or load of any kind.


ISP has no problems with routing, the prefixes are advertised, and we did a failover to the backup router (VRRP/BGP) that's located in another DC - Same problem. Other vdoms have internet access and SNAT/DNAT also, and work. Other equipment (VPN-concentrator etc) works flawlessly, so I think the ISP side of things is ok. Switches are ok.


execute clear system arp table


Did actually work a few times.


Any ideas gentlemen? A bit lost with this one...


(Will open a high prio case with TAC)


    ericli_FTNT
    Staff
    March 9, 2018

    Hi Richie, failure of a device without any log left is never good.


    Did you double check the log setting? Do you deploy any central logging device like FortiAnalyzer? Your case is critical for us. Please keep us updated. Thanks!

    kallbrandt
    New Member
    March 9, 2018

    Yes, FortiAnalyzer is deployed. Have logs some 120 days back. But nothing for the VIPs when they go offline. That's why we thought this might be an ISP issue with ARP in the on-premise router. It for sure looks like no traffic is reaching the Fortigate.

    Outgoing NATed traffic is showing up as timeouts. Very weird that it seems to work when you change IP-Pool. And it is random - One IP-Pool that worked earlier might be dead the next time you try. Although high numbers in the public /24 we use seem to work better than the low ones. How about that?!

    kallbrandt
    New Member
    March 9, 2018

    Opened a case with TAC. Customer is going to get a bunch of new Fortigates soonish (the 800c cluster is closing in on 5 years), but it would be grand if we could keep the old ones alive for some 4 months more...