Description
This article clarifies how to mitigate Internet link flaps in certain scenarios.
Solution
Some modems, ComCast for example, are known to drop the network connection or reboot if they receive non-DNS traffic on UDP port 53 which is well known DNS port, but which is also used to connect to the FortiGuard service.
An example of log messages that can be observed in logs on FortiGate is shown below:
date=2099-05-03 time=17:12:50 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=UP msg="Link monitor: Interface wan1 was turned up"
date=2099-05-03 time=17:12:47 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=DOWN msg="Link monitor: Interface wan1 was turned down"
Note that it is not necessary that the Link Monitor feature is configured, this log message will appear in logs each time the physical link is lost.
This cause can be confirmed by connecting a switch between the FortiGate and a modem.
If the switch has logging functionality then the interface facing the FortiGate will be stable while the interface connected to a modem will be flapping.
The workaround is to use port 8888 for FortiGuard. This can be changed from GUI or CLI.
GUI
System > FortiGuard > Filtering
Select 8888 as “FortiGuard Filtering Port”
CLI
config system fortiguard
set port 8888
end
