FortiSwitch
FortiSwitch: secure, simple and scalable Ethernet solutions
riteshpv
Staff
Article Id 392137
Description: This article outlines one possible cause for a FortiSwitch upgrade failure initiated from the FortiGate and how to resolve the issue.
Scope: FortiGate v7.4; FortiSwitch v7.2, v7.4, v7.6
Solution

FortiSwitch upgrade attempts made through the FortiGate, using either FortiGuard or the manual upload method, may fail and record the following messages in the FortiSwitch Event Logs (see "Viewing event logs" in the FortiGate 7.6.3 administration guide). To find them, filter on Log Description:

 

"Switch-Controller Switch Upgrade Status" / "Switch-Controller Switch Upgrade Error"

 

date=2025-04-12 time=11:38:10 eventtime=1111234786482920217 tz="+0200" logid="0115022894" type="event" subtype="switch-controller" level="error" vd="root" logdesc="Switch-Controller Switch Upgrade Error" user="Switch-Controller" ui="flcfgd" name="S248EXXXXXXXXX" sn="S248EXXXXXXXXX" msg="login: 10.255.1.2 failed during software upgrade"


date=2025-04-12 time=11:38:10 eventtime=1111234786495960314 tz="+0200" logid="0115022895" type="event" subtype="switch-controller" level="information" vd="root" logdesc="Switch-Controller Switch Upgrade Status" user="Switch-Controller" ui="flcfgd" name="S248EXXXXXXXXX" sn="S248EXXXXXXXXX" msg="software-upgrade: starting, image=/tmp/WTPIMGmCyIks"
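
The log signature above can be searched for in exported FortiGate event logs. The following Python script is an added example, not part of the original article or of Fortinet tooling; it assumes logs in the key=value text format shown above, and the third sample line (serial S248EYYYYYYYYY) is constructed for illustration.

```python
import re
from collections import defaultdict

# key=value pairs; a value is either "quoted" (may contain spaces and '=') or bare.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Message text of the login failure shown in the article.
LOGIN_FAIL = re.compile(r'^login: (\S+) failed during software upgrade$')

SAMPLE_LOGS = [
    # The first two lines are the ones quoted in the article (serials masked there).
    'date=2025-04-12 time=11:38:10 eventtime=1111234786482920217 tz="+0200" logid="0115022894" type="event" subtype="switch-controller" level="error" vd="root" logdesc="Switch-Controller Switch Upgrade Error" user="Switch-Controller" ui="flcfgd" name="S248EXXXXXXXXX" sn="S248EXXXXXXXXX" msg="login: 10.255.1.2 failed during software upgrade"',
    'date=2025-04-12 time=11:38:10 eventtime=1111234786495960314 tz="+0200" logid="0115022895" type="event" subtype="switch-controller" level="information" vd="root" logdesc="Switch-Controller Switch Upgrade Status" user="Switch-Controller" ui="flcfgd" name="S248EXXXXXXXXX" sn="S248EXXXXXXXXX" msg="software-upgrade: starting, image=/tmp/WTPIMGmCyIks"',
    # Constructed line: a different switch that only logged an upgrade start.
    'date=2025-04-12 time=11:40:02 eventtime=1111234786500000000 tz="+0200" logid="0115022895" type="event" subtype="switch-controller" level="information" vd="root" logdesc="Switch-Controller Switch Upgrade Status" user="Switch-Controller" ui="flcfgd" name="S248EYYYYYYYYY" sn="S248EYYYYYYYYY" msg="software-upgrade: starting, image=/tmp/WTPIMGexample"',
]


def parse_event(line):
    """Split one FortiGate event log line into a dict of its fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def failed_upgrades(lines):
    """Map switch serial -> [(timestamp, switch address)] for upgrades
    that failed at the FortiGate-to-FortiSwitch login step."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev.get("subtype") != "switch-controller":
            continue
        if ev.get("logdesc") != "Switch-Controller Switch Upgrade Error":
            continue
        match = LOGIN_FAIL.match(ev.get("msg", ""))
        if match:
            stamp = f'{ev.get("date", "?")} {ev.get("time", "?")}'
            hits[ev.get("sn", "unknown")].append((stamp, match.group(1)))
    return dict(hits)


if __name__ == "__main__":
    for serial, events in failed_upgrades(SAMPLE_LOGS).items():
        for stamp, address in events:
            print(f"{serial}: login to {address} failed during upgrade at {stamp}; "
                  "check sync status and the switch-controller tunnel-mode")
```
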

 

While the upgrade is failing, running the following commands on the FortiGate may show a configuration sync error:


FGT # execute switch-controller get-conn-status
Managed-devices in current vdom root:

FortiLink interface : fortilinktest
SWITCH-ID (SERIAL)           VERSION              STATUS      FLAG   ADDRESS        JOIN-TIME                     NAME
Switch (S248EXXXXXXXXX)    v7.6.0 (1047) Authorized/Up   2E       1.1.1.2    Fri May 16 22:14:54 2025        -

 

FGT # execute switch-controller get-sync-status all
Managed-devices in current vdom root:

FortiLink interface : fortilink
SWITCH-ID (SERIAL)             STATUS   CONFIG    MAC-SYNC     HTTP-UPGRADE
Switch (S248EXXXXXXXXX)        Up        Error     Error                    -


[1]
command: https://1.1.1.2:443/api/v2/login
payload:
result: REST API login failed with error 60


Root Cause:
The error is caused by the switch-controller tunnel-mode being set to strict. In environments where the FortiGate is configured with multiple VDOMs, this setting is typically configured in the global VDOM.

 

To resolve the issue, change the tunnel mode from strict to moderate using the following command:


config switch-controller system
    set tunnel-mode moderate
end


Important Note:

  • After applying this change, the FortiSwitch will briefly go offline.
  • This does not typically affect clients connected to the FortiSwitch, but it is recommended to apply the change during a maintenance window or planned downtime.

 

After this command is applied, the FortiSwitch will reconnect and appear on the FortiGate with no sync error after a few minutes.

 

The firmware upgrade should then proceed successfully.
