Fortinet Forum
JonasV
New Contributor III

L3 VLAN interface up, but IP/Network missing under locally connected network

Hi everyone, I'm facing a strange issue on a FortiGate. I have two 100F running in an A-P HA cluster. I have an aggregate interface connected to a Cisco Nexus 9K. The LACP between the Cisco switch and the 100F FortiGate is up and running. I've created several VLANs on the aggregated interface. They are working perfectly. Today I added another VLAN interface to the aggregated link on the FortiGate. I have confirmation that the MAC address of the VLAN interface is present and detected on the Cisco switch. However… The L3 IP that I have configured is up/up on the FortiGate, but I'm unable to ping the interface from the FortiGate itself. After some basic troubleshooting, I found that the IP/network of the VLAN interface doesn't show up under the locally connected part of the routing table. I've been unable to solve the issue so far. By the way, I'm running FortiOS 6.2.9.
Best regards
Jonas
NSE 4 | NSE 5 | NSE7 |
1 Solution
JonasV
New Contributor III

Root cause was found to be in the FortiOS 6.2.9
After upgrading to 6.2.10, this issue was resolved.

Best regards
Jonas
NSE 4 | NSE 5 | NSE7 |

pkungatti_FTNT

Dear Jonas

Your issue requires verifying the configuration and doing deeper troubleshooting. I would suggest raising a ticket with Fortinet technical support.

 


Regards

Pratheesh Kungatti
Technical Support Manager, Fortinet Middle East



GDiFi
Staff

Can you post the output of the following, as well as what IP address is on the interface? The configuration of the interface from # config system interface could be helpful as well.

# get router info routing-table database

 

JonasV
New Contributor III

I've created a TAC support ticket for the issue.

 

My finding so far is that the networks are injected into the locally connected routing table if I create the interfaces directly on-box, either via GUI or CLI.

However, since the FortiGate is managed via our FortiManager, I'll usually create and push config from it. And it is when done via the FortiManager that the issue occurs.

Best regards
Jonas
NSE 4 | NSE 5 | NSE7 |
JonasV
New Contributor III

Investigation so far suspects that the downgrade from 6.4.x to 6.2.x might have resulted in this behavior.

Next step for me is to format the FortiGates, install FortiOS 6.2.x again and import the config.
Hopefully this fixes the issue.

Best regards
Jonas
NSE 4 | NSE 5 | NSE7 |
JonasV
New Contributor III

Root cause was found to be in the FortiOS 6.2.9
After upgrading to 6.2.10, this issue was resolved.

Best regards
Jonas
NSE 4 | NSE 5 | NSE7 |
Toshi_Esumi
Esteemed Contributor II

I wouldn't jump to the conclusion only because upgrading it to 6.2.10 solved the problem, unless you found it in the release notes. When you upgraded, it was rebooted and LACP needed to re-negotiate and sync again with remote on both FGT and Nexus side.

 

Toshi

JonasV
New Contributor III

Hi @Toshi_Esumi 

The root cause and the bug were identified as part of the Fortinet TAC support ticket, and verified by their engineering staff.
As per their suggestion, I upgraded to 6.2.10, as they had solved the issue with this build.

Best regards
Jonas
NSE 4 | NSE 5 | NSE7 |
Toshi_Esumi
Esteemed Contributor II

Can you share the bug ID?

JonasV
New Contributor III

Sure.
The bug ID is #0689317.

Best regards
Jonas
NSE 4 | NSE 5 | NSE7 |