Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
travisroth
New Contributor

FortiGate 60E

I have a FortiGate 60E, brand new, V6.2.3 build1066 (GA).

 

If I plug my laptop (Mac with Gigabit network card) into interface Internal1 - it shows 1000Mbps/full duplex on the GUI and lights up green on the display nearly instantly.

 

If I plug either a Cisco or Engenius unmannaged Gigabit network switch into Internal1, it takes a few seconds to "light up", but when it does, it shows up as 100Mbps/Full Duplex and amber light. I have confirmed these switches are operating on gigabit and all devices plugged into them show 1000Mbps.

 

If I unplug the switch and plug the same laptop into the Internal1, it then shows only 100Mbps, until such time I physically reboot the FortiGate 60E. Then it goes back to 1000Mbps.

 

This issue will follow any port on the FortiGate except for WAN. My laptop always shows up 1000Mbps. Plug in gigabit switch, and the port goes to 100Mbps. Then the same laptop cannot connect on that port any faster than 100Mbps until a reboot.

 

Thoughts?

 

 

 

 

 

7 REPLIES 7
simonorch
Contributor

what happens if you set the port to 1000mbps full?

 

do you get the same issue if you disable/enable the port?

NSE8 Fortinet Expert partner - Norway

ede_pfau
Esteemed Contributor III

I suggest you give up von v6.2 at the moment, and run v6.0.9. There are some issues to be sorted out, some of which pertain to MTU handling. Just a thought.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
James_G

Have you broken the internal switch into individual ports. First thing I do with new units.

tioeudes

try to force the port speed to 1000full

 

confyg system interface

edit port xxx

set speed 1000full

end

 

Dave_Hall
Honored Contributor

You can perform a diag on the interface from the CLI using diag hardware deviceinfo nic <interface> eg. diag hardware deviceinfo nic internal1 Output should be something similar to the following... Description        Fortinet 92D Ethernet Driver System_Device_Name    internal1 Current_HWaddr        90:6c:ac:00:00:00 Permanent_HWaddr    90:6c:ac:00:00:00 State            up Link            up PHY Link        up Speed            1000 Duplex            full port:             0 def vid            4094 cur_vid            4094 netdev_running        1 pci_rx        0 Rx_Packets        341499               Tx_Packets        615994               Rx_Bytes        58315364             Tx_Bytes        220265980            What you are looking for is the duplex/speed value and any rx/tx errors or any errors for that matter.  If there are errors,  wait 2-3 mins then repeat the diag commands to see if the error counts increases. (This is assuming you have something plugged into that interface port.) Use show system interface internal1 to see how the internal1 port is configured.  (cmd will not show default values.)

 

Use show full system interface internal1 to display the full configuration on internal1.  If duplex/speed is set, it should show up as "set speed <value>".

 

You can force the duplex/speed on internal1 by using:

 

config system interface edit "internal1" set speed 1000full next end

To set the interface to auto negotiation, use:

 

config system interface edit "internal1" unset speed next end

 

It's been suggested to disable/enable the interface, which you can do from the CLI:

 

config system interface edit "internal1" set status (up|down) next end

If both sides of the connection is confirmed to be set to auto negotiation, I really find this problem odd - I suggest forcing the interface to 1000full then perform further testing - check via the diag cmds what that interface is reporting and/or disable/enable the interface and/or powercycle the switch. etc.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

travisroth

Dave Hall wrote:

You can perform a diag on the interface from the CLI using diag hardware deviceinfo nic <interface>

 

Here is the output for the interface and the hardware switch. 

 

Description     :FortiASIC NP6LITE Adapter
Driver Name     :FortiASIC NP6LITE Driver
Board           :60E
lif id          :3
lif oid         :67
netdev oid      :67
tx group        :0
Current_HWaddr   e8:1c:ba:ec:27:d7
Permanent_HWaddr e8:1c:ba:ec:27:d7
========== Link Status ==========
Admin           :up
netdev status   :up
autonego_setting:0
link_setting    :0
speed_setting   :100
duplex_setting  :1
Speed           :100
Duplex          :Full
link_status     :Up
============ Counters ===========
Rx Pkts         :1
Rx Bytes        :60
Tx Pkts         :0
Tx Bytes        :0
Host Rx Pkts    :1
Host Rx Bytes   :46
Host Tx Pkts    :0
Host Tx Bytes   :0
Host Tx dropped :0
FragTxCreate    :0
FragTxOk        :0
FragTxDrop      :0
 
RPM # diag hardware deviceinfo nic internal
Description     :FortiASIC NP6LITE Adapter
Driver Name     :FortiASIC NP6LITE Driver
Board           :60E
lif id          :12
lif oid         :76
netdev oid      :76
tx group        :0
Current_HWaddr   e8:1c:ba:ec:27:d7
Permanent_HWaddr e8:1c:ba:ec:27:d7
========== Link Status ==========
Admin           :up
netdev status   :up
autonego_setting:1
link_setting    :1
speed_setting   :1000
duplex_setting  :1
Speed           :1000
Duplex          :Full
link_status     :Up
============ Counters ===========
Rx Pkts         :8199608
Rx Bytes        :3228643786
Tx Pkts         :8833945
Tx Bytes        :4754641061
Host Rx Pkts    :3253882
Host Rx Bytes   :449029866
Host Tx Pkts    :2449571
Host Tx Bytes   :479060991
Host Tx dropped :0
FragTxCreate    :0
FragTxOk        :0
FragTxDrop      :0
Member Ports    :
		[00]: internal1
		[01]: internal5
		[02]: internal6
		[03]: internal7

 

When I try to force the interface to 1000, I get -61 error.

(internal1) # set speed 1000full
 
command parse error before 'speed'
Command fail. Return code -61

 

As the device is now in production, converting the interface1 to be standalone, like others have suggested instead of part of the switch, will take some afterhours time. 

 

I have tried everything else suggested in this thread, from power cycling, to forcing 1000 (getting the -61 error).

 

Adam_Tormey

I just encountered this same problem, my wan1 port on our FortiWiFi 60E was uplinking to a netgear unmanaged 1G switch. Speed was 1000 full. I removed the netgear switch and now wan1 goes up to a Cisco 3500 switch, the speed is now 100 full...

 

I tried to force 1000 full on the wan1 interface, the system allowed it but them my interface went down;

========== Link Status ========== Admin :up netdev status :down autonego_setting:0 link_setting :1 speed_setting :1000 duplex_setting :1 Speed :10 Duplex :Half link_status :Down

 

When I set the interface back to auto, it reconnects at 100 full. Going to open a tac case to see if they can shed some light on this.