Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Archers_Wong
New Contributor

All Interface Dead

Hi All

 

i have 100D and work normally, but after i downgrade from 6.0 to 5.2, i found all the port not work but i can access CLI and check hardware dialogic without any error, have any idea what problem? cannot ping, access, i confirm allow ping and access in CLI, even i run exe ping local network, not function also 

9 REPLIES 9
hubertzw
Contributor III

Can you ping any host from the FG?

Can you ping yourself?

Did you follow upgrade/downgrade path?

 

Can you show us the output?

 

get system arp

diagnose ip address list

brycemd

it might have destroyed the switch interface and it's members?

 

do a 'show sys int' , 'show sys swi' , and 'show sys virtual-swi'

 

See if they align with what you are expecting, 6.0 to 5.2 is quite the jump. I'd be surprised if it went smoothly. At least if you don't want to do a factory reset.

rwpatterson
Valued Contributor III

Personally, I would restore a backup taken under 5.2. There may have been changes made during the upgrade that cannot be backed out during a downgrade.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Archers_Wong

i try downgrade more but cannot boot 

Archers_Wong

G100D3G16804590 # show sys int config system interface edit "wan1" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 1 next edit "dmz" set vdom "root" set ip 10.10.10.1 255.255.255.0 set allowaccess ping https http fgfm capwap set type physical set role dmz set snmp-index 2 next edit "modem" set vdom "root" set mode pppoe set type physical set snmp-index 3 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 4 next edit "wan2" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 5 next edit "mgmt" set vdom "root" set ip 192.168.1.99 255.255.255.0 set allowaccess ping https http fgfm set type physical set dedicated-to management set role lan set snmp-index 6 next edit "ha1" set vdom "root" set type physical set snmp-index 7 next edit "ha2" set vdom "root" set type physical set snmp-index 8 next edit "lan" set vdom "root" set ip 10.10.18.245 255.255.255.0 set allowaccess ping https http fgfm capwap set type hard-switch set stp enable set listen-forticlient-connection enable set role lan set snmp-index 9 next end

FG100D3G16804590 # show sys virtual-switch config system virtual-switch edit "lan" set physical-switch "sw0" config port edit "port1" next edit "port2" next edit "port3" next edit "port4" next edit "port5" next edit "port6" next edit "port7" next edit "port8" next edit "port9" next edit "port10" next edit "port11" next edit "port12" next edit "port13" next edit "port14" next edit "port15" next edit "port16" next end next end

FG100D3G16804590 #

Archers_Wong

Sorry late reply, ping any host not work but ping itself it ok

 

FG100D3G16804590 # get system arp Address Age(min) Hardware Addr Interface

FG100D3G16804590 # diagnose ip address list IP=10.10.10.1->10.10.10.1/255.255.255.0 index=6 devname=dmz IP=192.168.1.99->192.168.1.99/255.255.255.0 index=8 devname=mgmt IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=root IP=127.0.0.1->127.0.0.1/255.0.0.0 index=30 devname=dmgmt-vdom IP=10.10.18.245->10.10.18.245/255.255.255.0 index=32 devname=lan IP=127.0.0.1->127.0.0.1/255.0.0.0 index=33 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=35 devname=vsys_fgfm

FG100D3G16804590 # FG100D3G16804590 # system arp Address Age(min) Hardware Addr Interface

FG100D3G1680459FG100D3G16804590 # get system arp Unknown action 0

FG100D3G16804590 # 5.0 index=6 devname=dmz IP=192.168.1.99->192.168.1.99/255.255.255.0 index=8 devname=mgmt IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=root IP=127.0.0.1->127.0.0.1/255.0.0.0 index=30 devname=dmgmt-vdom IP=10.10.18.245->10.10.18.245/255.255.255.0 index=32 devname=lan IP=127.0.0.1->127.0.0.1/255.0.0.0 index=33 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=35 devname=vsys_fgfm

Dave_Hall
Honored Contributor

I would go as far as perform a factory reset on the 100D then see if the ports are accessible.   As Bryce indicated above, the switch interface settings may have been destroyed.  I do know there has been some changes to the port setting type when going from 5.2 to 5.4, that may not be reversible. 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Archers_Wong

i try not work, i use format also 

Archers_Wong
New Contributor

Here it result, factory reset no problem for me 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors