FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the issue of ULL interfaces being down after updating FortiGate to version 7.4.9. It provides a step-by-step guide to troubleshoot and resolve the issue.
Scope
FortiGate.
Solution
To troubleshoot the issue of ULL interfaces being down after updating FortiGate to version 7.4.9, follow these steps:
Make sure to set FEC to ON in order to match the correct and accurate FEC value for Huawei switches.
This can be done by running the following command:
config system interface edit "x6" set vdom "Test" set type physical set mediatype sr set snmp-index 32 set forward-error-correction cl91-rs-fec set speed 25000full next end
Confirm whether the actually effective FEC is enabled or disabled by running the command:
diagnose hardware deviceinfo nic x6 | grep -i fec
Verify the configuration of the 25G interface and FEC on the other end's switch.
Supported FEC Modes (ULL Ports):
Mode CLI
Value
Use Case
RS-FEC (Reed-Solomon)
cl91-rs-fec
Default for most 25G/100G DAC/AOC and transceivers.
FC-FEC (Fire Code)
cl74-fc-fec
Legacy or specific Cisco/Juniper setups.
None
Disable
Direct-attach copper (DAC) with known no-FEC peers.
Notes:
Interfaces at both ends of a link must work in the same FEC mode; otherwise, the interfaces do not go up.
If their FEC modes are different, configure the same FEC mode on the interfaces when they work in non-auto-negotiation mode.
