Help
FortiSIEM Discussions
lcwoods529
New Contributor

Created on ‎01-04-2024 12:07 PM

Maintenance mode hanging

Good afternoon,

 We have several devices that go into maintenance mode each Friday until Monday morning because they are on-demand servers. When the period ends, the devices seem to hang in maintenance mode. This only occurs for one organization. Fortinet support has not been of much help. Has anyone seen this issue before and have any solutions to offer. I am NOT our primary admin and can not access the deeper functions but can ask our admin to try certain suggestions

FortiSIEM #6.7.8

588
0 Kudos
6 REPLIES 6
FSM_FTNT
Staff
Staff

Created on ‎01-04-2024 12:47 PM

are you sure this is for FortiSIEM and not a different Fortinet product?

577
0 Kudos
lcwoods529
New Contributor
In response to FSM_FTNT

Created on ‎01-04-2024 12:50 PM

Yes, I am sure. 

576
0 Kudos
Secusaurus
Contributor

Created on ‎01-04-2024 10:22 PM

Hi lcwoods,

 

I suppose, the TAC already asked a couple of these questions, just to dig deeper into that:

  • What is your definition of "hang in maintenance mode"? Are they not triggering incidents? Is there an indication in CMDB or elsewhere showing "maintenance"?
  • What is your exact definition of the maintenance window? (can you share a screenshot?)
  • You state that it is only affecting one organization. Did/can you setup the exactly same maintenance window on another org just to verify? In which view did you create the window (global or inside the org)?
  • Obviously, the TAC will have a look at the AO logs. I don't think, it's good to share them here publicly, but you might want to have a look at these ones (and their errors) by yourself? (I usually start by investigating the AOLogs\appsvr\phoenix.log.gz)

I am pretty sure, TAC should be the one to solve that if it's kind of a bug (perhaps share the ticket id with @FSM_FTNT), but depending on your answers we might uncover a config flaw.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner
FCP & FCSS Security Operations | Fortinet Advanced Partner
540
0 Kudos
lcwoods529
New Contributor
In response to Secusaurus

Created on ‎01-05-2024 10:33 AM Edited on ‎01-05-2024 11:25 AM

Once a device goes into maintenance mode and after the set period has elapsed, it will not receive any metrics. If we attempt a rediscover we receive the error message "device is currently under maintenance" even though the time has elapsed. Fortinet has already reviewed the AO logs. In fact, several admins have. They could  not find anything useful. Their solution is to upgrade to the latest version. For various reasons, that is not a viable solution currently. 

528
0 Kudos
PartBhat
Staff
Staff

Created on ‎01-05-2024 11:21 AM

Let me try to reproduce it. 

525
0 Kudos
PartBhat
Staff
Staff
In response to PartBhat

Created on ‎01-06-2024 09:53 AM

The eng team is unable to reproduce it.  Reproduction attempt steps are as follows.

 

1. Discover a device via SNMP - Success

2. Schedule the device to be in maintenance mode

3. Discover the device while in maintenance mode -> discovery fails

4. Let maintenance mode pass and discover the device -> discovery succeeds

 

Testing was done for both Enterprise and Service Provider versions.

 

Next step would be to provide evidence of failure with detailed steps and screenshots to Support. They can create a mantis bug with this information.

 

 

496
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.