Created on
09-05-2023
06:33 AM
Edited on
09-05-2023
06:35 AM
By
Anthony_E
Description | This article describes how restoring a Full-config backup in a Gen2 chassis device causes FPCs to go into a dead state and offers a solution. |
Scope | Applicable for Gen2 FG-6300F, FG-6301F, FG-6500F and FG-6501F. |
Solution |
Use a config backup taken from the GUI or backup taken from the CLI using 'execute backup config'.
In the 6K Gen2 device, the MBD has 32G memory, but FPC has 64G. Therefore, some FPC default configurations are unsuitable for MBD and vice versa. Full-config includes default hidden configurations which will cause FPCs to go into a dead state when a Full-config backup is restored.
The default max size of memory global-setting is 337438883 on MBD, but it is 675833937 on FPC, the socket-size of IPS global default is 128 on MBD, and it is 256 on FPC as shown below.
config log memory global-setting show full-configuration config log memory global-setting
show full-configuration config log memory global-setting
config ips global show full-configuration config ips global end
config ips global show full-configuration config ips global ...... end
When a Full-config backup is restored, the MBD log memory max-size changes from '337438883'(default) to '675833937'(FPC default value) to trigger the problem as shown below.
diagnose sys confsync showcsum global log.memory.global- ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ==========================================================================
When a Full-config backup is restored, the MBD IPS socket max-size changes from '128' (default) to '256'(FPC default value) to trigger the problem.
========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ========================================================================== ==========================================================================
As visible in the below output, all of the FPCs in the device went into a dead state after restoring the full-config backup.
diagnose load-balance status Slot 1:
Solution: To get rid of the problem, restore the config backup taken from the GUI or the backup taken from the CLI using 'execute backup config'.
Related article: Technical Tip: Information on FortiGate-6000F series Gen1 and Gen2. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.