FortiGate
caunon
Staff
Article Id 353488
Description

This article describes how to fix and avoid the issue where, after setting the cfg-revert-timeout value, it is not possible to access the FortiGate.
Scope

FortiGate v7.2.8

Solution

 

  1. This may occur when configuring cfg-revert-timeout via CLI commands as below.

 

config system global

    set cfg-save revert

    set cfg-revert-timeout <xxx> <----- xxx is an integer value from <10> to <4294967295> (default = <600>).

end

 

  1.  This may also occur when configuring FortiGate in the GUI under System -> Settings -> System Settings -> Workflow Management -> Configuration save mode -> Manual -> Revert upon timeout: Enable -> Insert integer xxx value: Seconds -> Apply.


 

 

  1. When setting the cfg-revert-timeout value between 214748365 and 214748562, the issue is encountered and it is not possible to ping or access the FortiGate.

For example:

 

  1. When setting cfg-revert-timeout to 214748365, the FortiGate may show the following messages on the console port:

FGT login: unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

 


 

It is additionally not possible to ping or access the FortiGate.

 

  1. When setting cfg-revert-timeout to 214748561, the FortiGate may show the following messages on the console port:

 

FGT login: System will reload in the next 214748375 seconds...

System will reload in the next 214748374 seconds...

System will reload in the next 214748373 seconds...

System will reload in the next 214748372 seconds...

System will reload in the next 214748371 seconds...

System will reload in the next 214748370 seconds...

System will reload in the next 214748369 seconds...

System will reload in the next 214748368 seconds...

System will reload in the next 214748367 seconds...

System will reload in the next 214748366 seconds...

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

 

It is additionally not possible to ping or access the FortiGate after 10-20 seconds.

 

  1. When setting the cfg-revert-timeout value to 2147483649, the FortiGate will show a negative integer near the 'There are unsaved changes' notice in the top right, and it may not be possible to ping or access the FortiGate unit after that.

For example:

 

  1. When setting cfg-revert-timeout to 2147483649, the FortiGate may show the following messages in the console:

 

FGT login:  # unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

 

It is additionally not possible to ping or access the FortiGate.

When pinging the FortiGate unit from the testing PC, it shows as follows:

 

Reply from 10.10.4.196: bytes=32 time=24ms TTL=253

Reply from 10.10.4.196: bytes=32 time=29ms TTL=253

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Reply from 192.15.6.254: Destination host unreachable.

Reply from 192.15.6.254: Destination host unreachable.

Reply from 192.15.6.254: Destination host unreachable.

Reply from 192.15.6.254: Destination host unreachable.

 

  1. When setting cfg-revert-timeout to 2147483665, the FortiGate will show a negative integer near the 'There are unsaved changes' notice in the top right, and it may not be possible to ping or access the FortiGate unit after that.

 

FGT login: System will reload in the next 2147483658 seconds...

System will reload in the next 2147483657 seconds...

System will reload in the next 2147483656 seconds...

System will reload in the next 2147483655 seconds...

System will reload in the next 2147483654 seconds...

System will reload in the next 2147483653 seconds...

System will reload in the next 2147483652 seconds...

System will reload in the next 2147483651 seconds...

System will reload in the next 2147483650 seconds...

System will reload in the next 2147483649 seconds...

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

unregister_vf: waiting for root to become free. rt_num = 1 vf_count=5

 


 

It is additionally not possible to ping or access the FortiGate after 5-10 seconds.

 


 

To fix this:

 

  1. It is necessary to access the FortiGate via the console port with a console cable and reboot the unit with the following CLI command:

 

execute reboot

 


It will then be possible to ping and access the FortiGate after that.
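
To avoid the issue, a configuration backup or change script can be checked before it is applied. The following Python check is an added example, not part of the original article or any Fortinet tooling; the function names, finding codes and sample configuration are hypothetical. Flagging every value above 2147483647 generalises the two values tested above, on the assumption that the negative number shown in the GUI comes from a signed 32-bit interpretation.

```python
import re

INT32_MAX = 2**31 - 1
CLI_MIN, CLI_MAX = 10, 4294967295               # bounds shown in the CLI help above
REPORTED_BAD = range(214748365, 214748562 + 1)  # range the article reports on v7.2.8

def global_settings(config_text):
    """Collect 'set' lines from the top-level 'config system global' block."""
    settings, depth, in_global = {}, 0, False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_global = line == "config system global"
        elif line == "end":
            depth -= 1
        elif in_global and depth == 1:
            m = re.match(r"set\s+(\S+)\s+(.+)", line)
            if m:
                settings[m.group(1)] = m.group(2).strip('"')
    return settings

def as_int32(value):
    """Signed 32-bit view of a value (assumed cause of the negative GUI countdown)."""
    return value - 2**32 if value > INT32_MAX else value

def audit_revert_timeout(config_text):
    """Return finding codes for cfg-revert-timeout; an empty list means nothing to flag."""
    raw = global_settings(config_text).get("cfg-revert-timeout")
    if raw is None:
        return []                       # not set explicitly: the default of 600 applies
    if not re.fullmatch(r"\d+", raw):
        return ["not-an-integer"]
    value, findings = int(raw), []
    if not CLI_MIN <= value <= CLI_MAX:
        findings.append("outside-cli-bounds")
    if value in REPORTED_BAD:
        findings.append("reported-range")
    if value > INT32_MAX:               # generalises the 2147483649 / 2147483665 cases
        findings.append("above-int32")
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """config system global
    set cfg-save revert
    set cfg-revert-timeout 2147483649
end"""

if __name__ == "__main__":
    print(audit_revert_timeout(SAMPLE), as_int32(2147483649))
```
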