Help
FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
riteshpv
Staff
Staff

Created on ‎03-07-2025 02:30 AM

Article Id 380814

Technical Tip: Config Sync Error 7 noticed for FortiSwitch in the FortiLink Mode

Description This article describes how the monitoring application (Zabbix) can cause a configuration synchronization error (Error 7).
Scope FortiGate v7.2 , FortiSwitch v7.2.
Solution

When configuration changes are pushed from FortiGate to FortiSwitch, the configuration may fail to sync, and the following error appears on FortiGate:


FortiGate # execute switch-controller get-sync-status all

 

Managed-devices in current vdom root:

FortiLink interface : FortiLink
SWITCH (NAME)      STATUS   CONFIG   MAC-SYNC    HTTP-UPGRADE
S124EXXXXXXXXXX   Up           Error           -                  -

[1]
command: https://10.10.17.1/api/v2/login
payload:
result : REST API connection failed with error 7

 

Troubleshooting Steps:

 

  1. Trigger Configuration Sync.

Running the following command may resolve the issue:

 

FortiGate# diagnose switch-controller trigger config-sync S124EXXXXXXXXXX

 

  1. Verify Network Connectivity.

    Possibly no issues should be observed with ping or SSH login to the FortiSwitch.

     

     

  2. Identify API Query Overload.

    This issue occurs when a monitoring application sends excessive API queries to FortiSwitch (e.g., general parameters such as CPU, memory, or port statistics).

     

    A high number of API requests may be received on FortiSwitch, while FortiGate registers only a few for the same switch.

     

     

  3. Validate API Requests.

  • Run the following debug commands on both FortiGate and FortiSwitch.
  • Start debugging and wait for the monitoring application's API query to occur, then stop debugging.


On FortiGate:


diagnose debug console timestamp enable
diagnose debug application httpsd -1
diagnose debug application flcfgd -1
diagnose debug cli 8
diagnose debug enable


On FortiSwitch:

 

diagnose debug console timestamp enable
diagnose debug application httpsd -1
diagnose debug application gui -1
diagnose debug enable


To stop the debugging:


Run the following command on both FortiGate and FortiSwitch:

 

diagnose debug reset

 

Observation: In the debug of FortiGate and FortiSwitch, the following API queries are received.

 

On FortiGate :

 

New GET request for "/api/v2/monitor/switch-controller/managed-switch/

 

On FortiSwitch:

 

Received '/api/v2/monitor/switch/

 

Root Cause and Resolution:

 

  • The issue occurs due to an incorrect URL filter in the monitoring application’s API query.
  • Ensure that API queries sent to a specific FortiSwitch use the correct URL format:


https://<FGT-Host-IP>/api/v2/monitor/switch-controller/managed-switch/port-stats?mkey=S124EXXXXXXXXX...

 

  • Use the following query fields:

 

Field                Value
mkey            {$SW.SERIAL}
vdom              root


By using the correct API query format, configuration synchronization issues can be avoided.
841
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.