I have an issue on a 200F, running 7.2.8. I have two EMAC VLANs: one where the Ansible host is running (VLAN1818), and another that is shared across multiple firewalls and VDOMs across the network (VLAN0998).
I have an Ansible playbook with 20 tasks in it. When the Ansible host is on VLAN 1818, if I start the playbook it will randomly fail on any of the 20 tasks. If I try often enough it may make it through all 20 tasks.
If I move the Ansible host to VLAN 998, the playbook completes 100 percent of the time across the 100 tests I have performed.
This does not appear to impact 200E, 201E, 101E, 60F, 1100E, or 1500Ds that also share this architecture. It is only the 200F that is experiencing this problem.
Hello aguerriero,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hi aguerriero,
While we wait for a reply, I can give some analysis/recommendations from my limited knowledge. Sorry this is taking longer than usual.
It's unusual this is only occurring on 200F. Is the configuration definitely the same as it is on the other models tested?
I recommend the following:
Feel free to contact TAC support if these don't work out and you need the 200F setup running.
The VLANs are EMAC VLANs; all other systems in 1818 work just fine. If there was a VLAN or tagging issue there would be more problems for other systems.
The firewall policy is isolated to test this. I have a permit all/all/all from the Ansible system to the VLAN 998 subnet. UTM, logging, and inspections of any kind are disabled. Also, this would not explain why sometimes all tasks complete and sometimes it stops at a random task that fails with a "no response" error from the API endpoint. Firewall policies should not be intermittently blocking allowed traffic.
Resource utilization is fine.
All firewalls are running 7.2.8 which is the latest firmware.
Packet capture shows that the API sometimes just doesn't respond or send back any traffic after the initial TCP handshake.
Hi @aguerriero,
Please disable offloading on firewall policy and see if the issue persists.
If possible, please upgrade to FortiOS 7.4 version as well as it could be something specific on 7.2.
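To put a number on the behaviour described in this thread before and after a change such as disabling policy offload, here is an added Python probe (not from the thread, Fortinet or the Ansible collection): it repeats the kind of REST call a playbook task makes, classifies each outcome (connect failure versus handshake-completed-but-no-answer), and turns the per-call failure rate into the odds that a 20-task playbook finishes. The management address, the API token and the use of `/api/v2/monitor/system/status` are assumptions; run it from VLAN 1818 and again from VLAN 998 and compare the tallies.

```python
import http.client
import socket
import time
from collections import Counter
from typing import Callable

# Placeholders (assumed, not from the thread): 200F management address and a read-only API token.
FGT_HOST = "FORTIGATE_MGMT_IP_PLACEHOLDER"
FGT_TOKEN = "API_TOKEN_PLACEHOLDER"
STATUS_PATH = "/api/v2/monitor/system/status"   # lightweight FortiOS monitor endpoint

def probe_once(host: str, token: str, path: str = STATUS_PATH, timeout: float = 5.0) -> str:
    """One HTTPS GET. Returns 'ok', 'connect_error', 'no_response', 'reset' or 'http_<code>'."""
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout)   # default TLS verification kept
    try:
        conn.connect()                  # TCP and TLS handshakes
    except OSError:
        return "connect_error"
    try:
        conn.request("GET", path, headers={"Authorization": f"Bearer {token}"})
        status = conn.getresponse().status
        return "ok" if status == 200 else f"http_{status}"
    except socket.timeout:
        return "no_response"            # handshake completed, the API never answered
    except OSError:
        return "reset"                  # e.g. RST or EOF mid-request
    finally:
        conn.close()

def run_probe(probe: Callable[[], str], attempts: int = 20, pause: float = 0.5) -> Counter:
    """Call `probe` once per simulated playbook task and tally the outcomes."""
    results: Counter = Counter()
    for _ in range(attempts):
        results[probe()] += 1
        time.sleep(pause)
    return results

def failure_rate(results: Counter) -> float:
    """Fraction of probes that did not return HTTP 200."""
    total = sum(results.values())
    return 0.0 if total == 0 else 1.0 - results.get("ok", 0) / total

def playbook_success_probability(per_call_failure: float, tasks: int = 20) -> float:
    """Chance that `tasks` sequential API calls all succeed when nothing is retried."""
    return (1.0 - per_call_failure) ** tasks

if __name__ == "__main__":
    tally = run_probe(lambda: probe_once(FGT_HOST, FGT_TOKEN))
    est = playbook_success_probability(failure_rate(tally))
    print(dict(tally), f"-> a 20-task playbook would finish about {est:.0%} of the time")
```

A tally dominated by `no_response` from one VLAN and all `ok` from the other matches the packet capture in the thread, and even a small per-call rate compounds: at 5 percent, 20 tasks in a row succeed only about 36 percent of the time.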
Copyright 2024 Fortinet, Inc. All Rights Reserved.