Trigger condition: 

1. Running v7.4.8.
2. For the two shared ports, WAN1/WAN2, SFP ports or fiber ports are in use and not the RJ45 port.

Symptom:

After the upgrade to v7.4.8, which requires a reboot, if the fiber port is used for the shared port, the port will stay down. While the media type can be manually changed back to fiber, it will reset to copper after a reboot or if the speed is changed on the port.

If there is LAG with WAN1/WAN2 as member ports, the LAG will be down since the member ports are down.

Cause: 

Due to bug 1084819, the media auto-detection feature stops working on v7.4.8; in these cases, it is set to the copper port by default. This will cause issues when the fiber port is in use.

When the port speed is changed, this will also trigger a reset of the medium type to copper, which is tracked by bug 1162489, also present in v7.4.8.

Use the command below to find the current medium type for the shared port.

diagnose hardware shared-port < wan1 | wan2 >

FortiGate-81F # diagnose hardware shared-port wan1
Get nic name: wan1 medium type 1, Copper

FortiGate-81F # diagnose hardware shared-port wan2
Get nic name: wan2 medium type 2, Copper

This issue has been resolved in:

• v7.4.9 (available to download from the Fortinet support portal).
• v7.6.4 (available to download from the Fortinet support portal).
• v8.0.0.

These timelines for firmware release are estimates and may be subject to change.

In the meantime, for those who require a workaround, follow the steps below.

Manual Workaround:

If the FortiGate can be accessed, the following command can be used to set the shared port to the correct medium type temporarily:

FortiGate-81F # diagnose hardware shared-port wan1 fiber
Set nic name: wan1 medium type 1, Fiber

However, the issue occurs again when the interface speed is changed or the device reboots.

Automatic Workaround:

The manual method above requires access to the FortiGate if encountering issues. If the shared ports are used for remote management, an automation stitch can be used to attempt to recover automatically if the port goes down.

The following CLI commands provide an example for the WAN2 fiber port with a 100Mbps speed. Customization is needed for an actual deployment scenario, such as WAN1 or the speed it runs. It is highly recommended to test the stitch before deployment and include the following scenarios: Code upgrade, port status down and up, unit power loss, and configuration change (if relevant).

Case 1: FortiGate start (address reboot case):

config system automation-action

    edit "Set_Fiber_Mode"

        set action-type cli-script

        set minimum-interval 60

        set script "diagnose hardware shared-port wan2 fiber"

        set accprofile "super_admin"

    next

end

config system automation-trigger

    edit "FortiGate started"

        set event-type event-log

        set logid 32009

    next

end

config system automation-stitch

    edit "WAN2_FiberPortAfterReboot"

        set trigger "FortiGate started"

            config actions

                edit 1

                    set action "Set_Fiber_Mode"

                    set delay 10

                    set required enable

                next

            end

    next

end

Case 2: Reset to the fiber port and change the speed to 100M.

config system automation-trigger

    edit "WAN2_Down"

        set description "Track interface-status-change events for wan2 down."

        set event-type event-log

        set logid 20099

            config fields

                edit 1

                    set name "msg"

                    set value "Link monitor: Interface wan2 was turned down"

                next

            end

    next

end

config system automation-action

    edit "Set_Fiber_Mode_100Full"

        set action-type cli-script

        set minimum-interval 10

        set script "config system interface

            edit \"wan2\"

                set speed 100full

            next

end

diagnose hardware shared-port wan2 fiber"

    set accprofile "super_admin"

    next

end

config system automation-stitch

    edit "Set_WAN2_100M_Fiber"

        set trigger "WAN2_Down"

            config actions

                edit 1 

                    set action "Set_Fiber_Mode_100Full"
                    set required enable

                next

            end

    next

end

Case 3: Set media type after HA failover.

config system automation-action

    edit "Set_Fiber_Mode"

        set action-type cli-script
        set minimum-interval 60
        set script "diagnose hardware shared-port wan2 fiber"
        set accprofile "super_admin"

    next

end

config system automation-trigger

    edit "HA Failover"

        set description "Default automation trigger configuration for when an HA failover occurs."
        set event-type ha-failover

    next

end

config system automation-stitch

    edit "WAN2_FiberPortAfterFailover"

        set trigger "HA Failover"

            config actions

                edit 1

                    set action "Set_Fiber_Mode"
                    set delay 10
                    set required enable

                next

            end

    next

end

Related articles:

Technical Tip: Understanding Shared Media interfaces on the FortiGate

Technical Tip: 100full speed option missing for the shared SFP ports of FortiGate 80F/81F