FortiGate
Matt_B
Staff & Editor
Article Id 414707

 

Description: This article describes a known issue for FortiGate-700G/701G on v7.2.11 that can cause the link to be down after upgrading to later firmware versions.
Scope: FortiGate-700G/701G, upgrading from v7.2.11 firmware to later versions.
Solution:

After upgrading these models from v7.2.11 to v7.4.9, the existing speed setting is retained, but the port no longer automatically adjusts to a lower bandwidth. The link will therefore be down after the upgrade if the peer side does not support the speed configured in FortiOS.

 

On a FortiGate-700G/701G running v7.2.11, the default speed setting for the copper Ethernet ports wan1, wan2, and lan1 to lan6 is '5000auto', and some relevant speed settings are not available.

 

config system interface
    edit "lan6"
        set speed 5000auto
    next
end

 

config system interface
    edit "lan6"
        set speed ?
1000auto 1000M auto-negotiation.
2500auto 2500M auto-negotiation.
5000auto 5000M auto-negotiation.

 

The 'set speed 5000auto' setting should force the FortiGate to accept links only at 5000 Mbps. In v7.2.11, the link can incorrectly negotiate and operate at a lower speed, i.e., if the peer does not support 5000 Mbps, the link will still come up.

 

FortiGate-700G # diagnose hardware deviceinfo nic lan6
{...}
==== Current Link Settings =====
auto-nego :Enable
s_status :Up
s_speed :5000 <---- Link should only establish 5000 Mbps.
s_duplex :Full
FEC :OFF (0x2)
FEC_cap :None (0x0)
SerDes_if :SGMII
SerDes_if_cap :SGMII,SR,CR (0x2c)
SerDes_dflt :2
pm_mode_setting :0
pm_mode :0x0
pm_mode_dflt :0
pm_port :No
medium_mode :0
==== Link Status ===============
Admin :Up
link_status :Up  <---- Link should not be up. It will be down after the upgrade to v7.4.9.
Speed :100
Duplex :Full
==== Netdev Status =============
dev_running :Yes
dev_carrier :On

 

Workaround:

If the peer device supports 1000 Mbps or greater:

Before upgrading from v7.2.11, configure the following on any FortiGate ports that must operate at speeds lower than 5000 Mbps:

 

config system interface
    edit "wan1"
        set speed 1000auto <----- 'set speed 2500auto' if peer device supports 2500M.
    next
end

 

After upgrading to v7.4.9 or later, verify that the link is established as intended.

diagnose hardware deviceinfo nic wan1


If the peer device supports 100 Mbps only:

Upgrade to v7.4.9 or later while having local console access or access to the device over the management 'mgmt' port. After the upgrade, configure any ports needing to operate at 100 Mbps to 'set speed auto':

 

config system interface
    edit "wan1"
        set speed auto <---- Or 'set speed 100auto'.
    next
end

 

Available speed options in v7.4.9 and later:

 

config system interface
    edit "wan1"
        set speed ?
auto Automatically adjust speed.
100auto 100M auto-negotiation.
1000auto 1000M auto-negotiation.
2500auto 2500M auto-negotiation.
5000auto 5000M auto-negotiation.
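
The check against the 'diagnose hardware deviceinfo nic' output can be scripted before the upgrade. The following Python is an added example, not Fortinet code: it parses saved output and maps the result to the workaround steps above. It assumes s_speed is the configured speed and Speed under 'Link Status' is the negotiated one, as the annotated output above suggests; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample, modelled on the 'diagnose hardware deviceinfo nic lan6'
# output shown in this article (annotations removed, unrelated fields omitted).
SAMPLE = """\
==== Current Link Settings =====
auto-nego :Enable
s_status :Up
s_speed :5000
==== Link Status ===============
Admin :Up
link_status :Up
Speed :100
==== Netdev Status =============
dev_running :Yes
dev_carrier :On
"""

def parse_nic(text):
    """Return {section: {field: value}} for 'name :value' lines under '==== x ====' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^=+\s*(.+?)\s*=+\s*$", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            # Drop any '<----' annotation copied along with the output.
            current[key.strip()] = value.split("<-")[0].strip()
    return sections

def upgrade_advice(text):
    """Map configured vs. negotiated speed (assumed field meaning) to the workaround."""
    nic = parse_nic(text)
    configured = int(nic["Current Link Settings"]["s_speed"])
    status = nic["Link Status"]
    if status["link_status"] != "Up":
        return "link is down: nothing negotiated to compare"
    actual = int(status["Speed"])
    if actual >= configured:
        return "ok: link runs at the configured speed"
    if actual >= 2500:
        return "before upgrade: set speed 2500auto"
    if actual >= 1000:
        return "before upgrade: set speed 1000auto"
    return "after upgrade, via console or mgmt port: set speed auto (or 100auto)"

if __name__ == "__main__":
    print(upgrade_advice(SAMPLE))
```

Run it against the output saved for each copper port (wan1, wan2, lan1 to lan6) while the unit is still on v7.2.11.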

 

 

Note: Since v7.4.9 is the first official release for the 701G, it might be expected that the upgrade path matrix is not available in the GUI, and the upgrade scenario might not have been considered when the interface default speed setting was changed.

 

Related document:

FortiOS 7.4.9 Release Notes - Known Issues