FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 265309

This article describes the steps for troubleshooting CRC errors.

Scope FortiGate 5.X, 6.X and 7.X.

CRC errors are mainly Layer-1 issues. Check for physical connectivity issues.


  1. Change the cable connecting between these ports.


  1. Clear the counters and disable/enable the ports.


  1. If possible, try swapping the ports between switches.


  1. CRC errors and/or late collisions can be caused by a duplex mismatch. When one side of a link is configured on full-duplex and the other on half-duplex, it will display the CRC errors at the interface which is configured on full-duplex.


This problem occurs also when one side of a link is configured on auto-duplex and the other fixed (full-duplex).


Duplex mismatches cause very big performance problems, so be very sure both sites of a link are configured the same.


Check if the port speed/duplex settings are the same on both ends. There might be a duplex mismatch and change the speed via the following CLI commands:


conf sys interface

    edit <interface-name>

        set speed<1000full/10000half/100full/100half/10full/10half/auto>



  1. Verify counters:

diag netlink interface list name <interface>


To clear the counters:


diag netlink interface clear <interface


Troubleshooting Tip: Network Interface Card NIC commands.

Troubleshooting Tip : FortiGate interface error counters.


  1. Replace the cable connected to the port. Then re-run the command a few times.


If still increasing, replace the cable or SFP if used and check again.


  1. Try changing MTU on the given interface by editing the interface in GUI, selecting override default MTU value (1500), and entering the new MTU value. Do the same in CLI via:


config system interface

    edit xxxx

        set vdom “root”

        set mtu-override enable

        set mtu 9000 (for example)




Related articles:

Technical Tip: Prevent a log from being generated.

Technical Tip: DNS error logs showing in FortiAnalyzer.