FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the required speed and mediatype settings on the FortiGate when an FN-TRAN-SX transceiver is used on an SFP port directly connected to a Cisco ASA firewall or Nexus switch.
Scope
FortiGate v7
Solution
If an SFP port on the FortiGate uses an FN-TRAN-SX transceiver and is connected to a Cisco ASA firewall or Nexus Switch, but the link does not come up, ensure the configuration is as follows:
The FortiGate interface is configured with 'set mediatype gmii'.
The FortiGate interface speed is set to 1000full, which disables auto-negotiation.
The Remote device interface has speed auto-negotiation disabled ('speed nonegotiate' on Cisco devices)
Example FortiGate configuration:
config system interface edit "port24" set vdom "root" set type physical set mediatype gmii set speed 1000full next end
If the remote device's interface is using an SFP module, it is recommended to set the media-type to SFP on the remote side: see the third-party CLI reference CLI Book 1: Cisco ASA Series General Operations CLI Configuration Guide. SFP media-type may not be available on all ASA models.
