Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
fmerin_FTNT
Staff
Staff

Created on ‎01-04-2016 04:21 PM Edited on ‎09-10-2025 10:12 PM By Moderator

Article Id 194757

Troubleshooting Tip: Verify FortiGate Configuration for SFP Transceivers

Description

 

This article describes that when small form-factor pluggable (SFP) transceivers are installed on the FortiGate, issues may be encountered with establishing a valid physical link.

Symptoms include associated ports being shown with the link down (red arrow icon) on the FortiGate Web Interface and link lights on the FortiGate device for the associated ports not indicating a link.

In this case, verifying the FortiGate configuration for the associated port is worthwhile.
 
Scope
 
FortiGate.


Solution

 

Show the full current configuration for the associated interface with the SFP transceiver installed:
 
config system interface
    edit <interface name>
show full
 
Show possible speeds/duplexes supported for the interface:
 
config system interface
    edit <interface name>
        set speed ?
end

Determine the speed and duplex settings of the other peer device terminating the link with the FortiGate's SFP transceiver and configure these settings manually on the FortiGate to match, i.e., to set to 1000M full-duplex, use these CLI commands:
 
config system interface
    edit <interface name>
        set speed 1000full
end

To verify that the speed has been manually set, use the following CLI commands, replacing <interface name> with the actual interface name (i.e., wan1, port1, etc.):
 
get system interface physical
diagnose hardware deviceinfo nic <interface name>
 

Note:
Ensure the transceiver is connected to the correct SFP+ slot. For example, a Gigabit Ethernet transceiver should be connected to a Gigabit Ethernet SFP+ slot on the FortiGate. Connecting it to a 10 Gigabit Ethernet SFP+ slot will not bring the link up.

 

When a valid physical link is established over the SFP transceiver, the FortiGate Web Interface should display the link as up (green arrow icon), and the link lights on the FortiGate device for the physical port should indicate an active link.

 

If the transceiver is connected at both ends, it should emit a laser signal from both sides (transmitter and receiver). To test this, point a cell phone camera at the laser (do not look directly at the laser beam to avoid eye injury). If a laser beam is visible on the transmitter and/or receiver, the optical signal has been established.

Labels:
42629
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.