Hi All
i have 100D and work normally, but after i downgrade from 6.0 to 5.2, i found all the port not work but i can access CLI and check hardware dialogic without any error, have any idea what problem? cannot ping, access, i confirm allow ping and access in CLI, even i run exe ping local network, not function also
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Can you ping any host from the FG?
Can you ping yourself?
Did you follow upgrade/downgrade path?
Can you show us the output?
get system arp
diagnose ip address list
it might have destroyed the switch interface and it's members?
do a 'show sys int' , 'show sys swi' , and 'show sys virtual-swi'
See if they align with what you are expecting, 6.0 to 5.2 is quite the jump. I'd be surprised if it went smoothly. At least if you don't want to do a factory reset.
Personally, I would restore a backup taken under 5.2. There may have been changes made during the upgrade that cannot be backed out during a downgrade.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
i try downgrade more but cannot boot
G100D3G16804590 # show sys int config system interface edit "wan1" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 1 next edit "dmz" set vdom "root" set ip 10.10.10.1 255.255.255.0 set allowaccess ping https http fgfm capwap set type physical set role dmz set snmp-index 2 next edit "modem" set vdom "root" set mode pppoe set type physical set snmp-index 3 next edit "ssl.root" set vdom "root" set type tunnel set alias "SSL VPN interface" set snmp-index 4 next edit "wan2" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 5 next edit "mgmt" set vdom "root" set ip 192.168.1.99 255.255.255.0 set allowaccess ping https http fgfm set type physical set dedicated-to management set role lan set snmp-index 6 next edit "ha1" set vdom "root" set type physical set snmp-index 7 next edit "ha2" set vdom "root" set type physical set snmp-index 8 next edit "lan" set vdom "root" set ip 10.10.18.245 255.255.255.0 set allowaccess ping https http fgfm capwap set type hard-switch set stp enable set listen-forticlient-connection enable set role lan set snmp-index 9 next end
FG100D3G16804590 # show sys virtual-switch config system virtual-switch edit "lan" set physical-switch "sw0" config port edit "port1" next edit "port2" next edit "port3" next edit "port4" next edit "port5" next edit "port6" next edit "port7" next edit "port8" next edit "port9" next edit "port10" next edit "port11" next edit "port12" next edit "port13" next edit "port14" next edit "port15" next edit "port16" next end next end
FG100D3G16804590 #
Sorry late reply, ping any host not work but ping itself it ok
FG100D3G16804590 # get system arp Address Age(min) Hardware Addr Interface
FG100D3G16804590 # diagnose ip address list IP=10.10.10.1->10.10.10.1/255.255.255.0 index=6 devname=dmz IP=192.168.1.99->192.168.1.99/255.255.255.0 index=8 devname=mgmt IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=root IP=127.0.0.1->127.0.0.1/255.0.0.0 index=30 devname=dmgmt-vdom IP=10.10.18.245->10.10.18.245/255.255.255.0 index=32 devname=lan IP=127.0.0.1->127.0.0.1/255.0.0.0 index=33 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=35 devname=vsys_fgfm
FG100D3G16804590 # FG100D3G16804590 # system arp Address Age(min) Hardware Addr Interface
FG100D3G1680459FG100D3G16804590 # get system arp Unknown action 0
FG100D3G16804590 # 5.0 index=6 devname=dmz IP=192.168.1.99->192.168.1.99/255.255.255.0 index=8 devname=mgmt IP=127.0.0.1->127.0.0.1/255.0.0.0 index=28 devname=root IP=127.0.0.1->127.0.0.1/255.0.0.0 index=30 devname=dmgmt-vdom IP=10.10.18.245->10.10.18.245/255.255.255.0 index=32 devname=lan IP=127.0.0.1->127.0.0.1/255.0.0.0 index=33 devname=vsys_ha IP=127.0.0.1->127.0.0.1/255.0.0.0 index=35 devname=vsys_fgfm
I would go as far as perform a factory reset on the 100D then see if the ports are accessible. As Bryce indicated above, the switch interface settings may have been destroyed. I do know there has been some changes to the port setting type when going from 5.2 to 5.4, that may not be reversible.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
i try not work, i use format also
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.