Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nubbins
New Contributor II

Created on ‎02-22-2025 04:01 PM Edited on ‎02-22-2025 04:06 PM

All VLAN sub-interfaces are seeing bandwidth usage of other interfaces.

Hi,

 

This one is a little hard to explain, but we and active/passive pair of Fortigate 120G's that have 802.3ad aggregate parent interfaces with multiple VLAN subinterfaces. 

 

The strange thing we are seeing is that when traffic passes over one of the VLAN subinterfaces, we're seeing roughly 10% of that bandwidth appear on the other interfaces.

 

For example, we have LAG1 with VLAN sub-interfaces of VLAN10, VLAN20, and VLAN30. All VLANs are idle, but if I run a speed test on a machine that sits on VLAN10, I'll see the VLAN10 bandwidth jump to 1000Mbps as expected, but the bandwidth graphs for VLAN20 and VLAN30 will each show between 50-100Mbps of traffic on them.

 

This is causing havoc with our monitoring and billing systems. Any idea why this is? We recently migrated the configurations from 60Fs and didn't have an issue with those.

We've tested with a completely new LAG and VLANs with a separate Arista switch stack and a single device in each VLAN. The devices in the VLAN are not seeing the traffic...

 

See below. 
(Edit: Image tags the wrong way round but you get the idea)

 

VLAN20VLAN20

VLAN10VLAN10

VLAN30.jpg

 

Labels:
216
0 Kudos
4 REPLIES 4
Anthony_E
Community Manager
Community Manager

Created on ‎02-25-2025 02:43 AM

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
162
Nubbins
New Contributor II
In response to Anthony_E

Created on ‎02-25-2025 03:27 PM

Thanks Anthony.

 

I've actually opened a ticket which has now been kicked around since Sunday simply trying to get the engineer to understand. I wish people would pick up the phone, it could have been clarified in 5 minutes.

 

I've run a bunch of pcaps etc and have proved that there no actual traffic going over the sub-interfaces but for some reason all graphs on the dashboard and SNMP are showing the erroneous data.

My gut feel is that there's something a miss on the 120Gs. 

 

138
Anthony_E
Community Manager
Community Manager

Created on ‎02-26-2025 01:44 AM

Hi Nubbins,

 

When you get the TAC solution, may I ask you to share it here for the other users?

 

Regards,

Anthony-Fortinet Community Team.
126
0 Kudos
FortiFairy
New Contributor

Created on ‎03-15-2025 01:53 AM

Hi Nubbins,

 

same here. 60F with 7.4.7 (no HA) no issues with bandwidth monitoring.

 

But kinda same scenario with my 1100E HA pair.

 

I am pushing data from one VLAN to another VLAN (802.3ad aggregate) and see the bits sent counted as received and on the other interface nothing.

 

Via SNMP but also via Fortiview Bandwidth Monitor. Destination interface traffic is counted as outbound and the source interface traffic is near nothing. If you then have look at the "Fortiview Policies by Bytes" you see the correct data but on interface bandwidth monitor we see false data. 

 

Please share your TAC answer, i am curious as hell.

 

Regards

46
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.