Fortinet Forum
unnamed
New Contributor

network outage after fgt and fortiswitch are in place

Hello,

I have a very strange situation.

I installed a FGT-51E and FSW-124E-FPOE with 6.2.3...

Since these systems have been running, users are reporting that they are sometimes kicked off the network. RDP sessions are closed, programs which are running on the server are closed, etc. And that is happening while they are working.

Very strange. I configured a ping test and during the "outage" the ping did not stop.

I have no idea how to check what could be the root cause for that.

I configured two VLANs (office and server) and assigned them as native VLAN on the switch. Is this the correct way to do that? On the firewall there is a policy which allows the traffic without any restrictions.

M_M_SW
Contributor

Recommended: use FortiOS 6.0.9 and SwitchOS 6.2.3 because of the Resolved Issues:

592111: FortiSwitch shows offline CAPWAP response packet getting dropped/failed after upgrading from 6.2.2.

bmduncan34
New Contributor III

I believe you need to leave your native vlan (vlan1) alone in that Native VLAN field, and add the appropriate vlan (Office or Server) in the Allowed VLANs field. 

unnamed

Very strange situation.

I had configured AD collector, and after we disabled that the connection is now stable. I have no idea why the collector caused such network issues.

Thanks for the help.

MikePruett
Valued Contributor

What interface was the AD Collector using? If you provide more details, we can probably see what's up.

unnamed

Sorry, a correction. I configured AD server polling (I am not sure if that is the same as AD collector). There was no option to configure an interface.

Jirka1
Contributor III

Hello,

How many users / groups does your domain have? I also tried AD collector on a small domain (about 30 users and FGT81E). And there was a very large increase in CPU load and traffic to/from DC. I set up a ticket then and it was explained to me:

The behavior you have described is rather normal as your Fortigate has to download all Windows event logs every few seconds and parse through them. The more event logs there are on your Domain Controllers, the more resources will be consumed on your Fortigate as unfortunately, this process is very intensive on resources. For this very reason, we provide FSSO Collector Agent that can be installed on your Domain Controllers or any other domain-joined PC, which will do the CPU intensive tasks for you. This is the recommended approach as the most CPU intensive tasks will be performed by your Windows Servers while your Fortigate can concentrate on Traffic related tasks.

Recommended resources:

FSSO cookbook: https://cookbook.fortinet...-advanced-mode-expert/

FSSO Agent modes: http://help.fortinet.com/...entication-54/FSAE.htm

FSSO Collector Agent download: https://support.fortinet....ad/FirmwareImages.aspx >> / FortiGate/ v6.00/ 6.0/ 6.0.2/ FSSO/

FortiOS Admin guide: https://docs.fortinet.com...ager-6.0.1-admin-guide >> Section "Agent-based FSSO"

So I went back to the proven model: DC Agent + Collector.

Jirka

unnamed
New Contributor

We are talking about just 5 users...

CPU load was always stable and not high.

Maybe it's a bug or so.

romanr
Valued Contributor

Hi,

There is a known bug in FortiOS 6.0.8, 6.0.9 and 6.2.3 which will randomly drop sessions when FSSO is being used.

Bug ID 582265

There are interim builds available, so better create a support case!

Br

Roman