pjang
Staff & Editor
Article Id 423465
Description

This article describes a known behavior of the FortiGate-200F/201F models where 10Gbps SFP+ optical transceivers continue to transmit signals even when the interface is administratively shut down or when the FortiGate is rebooted.

 

In some rare circumstances, this can cause link-detection issues with neighboring devices. This issue does not occur when using 1Gbps SFP transceivers.

Scope

FortiGate-200F/201F, SFP+ Transceivers.

Solution

On the FortiGate-200F/201F models specifically, with v7.6.4, v7.4.9, or any earlier firmware, the SFP+ transmit laser is not disabled when the system is power-cycled or when the interface is administratively disabled in FortiOS.

While most connected devices can tolerate this behavior, other devices may encounter link reestablishment issues when the FortiGate changes link state (such as when it is rebooted).

 

[Figure: FortiGate 200F Series physical diagram]

 

For example, one scenario in which this problem occurred was a 10Gbps optical link between a FortiGate-201F and a Ciena 3924 switch.

When the FortiGate rebooted, the Ciena switch interface would enter an error state and could not forward traffic to or from the FortiGate until the Ciena-side interface was disabled and re-enabled. Both devices reported their link state as up in software, but the physical link lights on the Ciena were down and no traffic was passing.

 

The same pair of devices did not report any link-establishment issues when using a 1Gbps SFP transceiver instead of 10Gbps SFP+.

 

One contributing factor to this issue is that the FortiGate-200F/201F does not have hardware support for the SFP/SFP+ 'TX_Disable' pin, which is traditionally used to disable the transmit laser on an SFP transceiver.

Because most devices can tolerate the always-on transmit laser from the FortiGate-200F without an error occurring, the issue went largely unnoticed and unreported until recently.

 

However, this issue has since been identified and resolved by Change #1154920, which was delivered in FortiOS 7.6.5 and 7.4.10. With this fix, the transmit laser is disabled successfully when the FortiGate reboots or administratively shuts the interface down.

 

For clients that have not noticed any issues with 10GbE SFP+ link establishment, no changes are required. Otherwise, clients who have recurring link-establishment issues with SFP+ optical connections to the FortiGate-200F/201F are encouraged to upgrade to one of the resolved firmware versions mentioned above to see if that resolves the issue.
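
To find which units in a fleet still run firmware without the fix, the version thresholds above can be checked mechanically. The script below is an added example, not Fortinet code: it assumes the `Version:` line layout of `get system status` output, uses a constructed inventory with placeholder device names and build strings, and reports branches newer than 7.6 as unknown because the article does not cover them.

```python
import re

AFFECTED_MODELS = {"FortiGate-200F", "FortiGate-201F"}
# First patch level carrying the fix on each branch, per the article.
FIXED = {(7, 4): 10, (7, 6): 5}
# Assumed layout of the "Version:" line in `get system status` output.
VERSION_RE = re.compile(r"Version:\s*(FortiGate-\S+)\s+v(\d+)\.(\d+)\.(\d+)")

def classify(status_text):
    """Return (model, version, verdict) for one device's status output."""
    m = VERSION_RE.search(status_text)
    if not m:
        return (None, None, "unparsed")
    model = m.group(1)
    major, minor, patch = (int(x) for x in m.group(2, 3, 4))
    version = f"{major}.{minor}.{patch}"
    if model not in AFFECTED_MODELS:
        return (model, version, "not-in-scope")
    branch = (major, minor)
    if branch in FIXED:
        # Integer compare: 7.4.10 is newer than 7.4.9; a string compare says otherwise.
        verdict = "fixed" if patch >= FIXED[branch] else "affected"
    elif branch < max(FIXED):
        # Older branches count as "all earlier firmware" in the article.
        verdict = "affected"
    else:
        # Branches newer than 7.6 are not covered by the article.
        verdict = "unknown"
    return (model, version, verdict)

def needs_upgrade(inventory):
    """Names of devices whose status output classifies as affected."""
    return sorted(n for n, s in inventory.items() if classify(s)[2] == "affected")

# Constructed inventory: device names and build strings are placeholders.
INVENTORY = {
    "edge-1": "Version: FortiGate-201F v7.4.9,build0000,000000 (GA)",
    "edge-2": "Version: FortiGate-200F v7.4.10,build0000,000000 (GA)",
    "edge-3": "Version: FortiGate-200F v7.2.11,build0000,000000 (GA)",
    "core-1": "Version: FortiGate-200F v7.6.5,build0000,000000 (GA)",
    "lab-1": "Version: FortiGate-100F v7.4.9,build0000,000000 (GA)",
}

if __name__ == "__main__":
    for name, status in sorted(INVENTORY.items()):
        print(name, *classify(status))
    print("upgrade candidates:", needs_upgrade(INVENTORY))
```

An "affected" verdict only matters for units that actually have 10Gbps SFP+ optical links; units using 1Gbps SFP transceivers do not show the behavior.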
