I'm hoping someone can provide some advice on file system issues I've got on a 60D running 5.2.2. We use this firewall solely for a redundant IPSec VPN tunnel that sees very little activity, and as such it currently has no active support subscription.
A few weeks ago I noticed the IPsec tunnel dropping with unusual VPN logs which would require a reboot to resolve the issue, except after rebooting from the GUI the unit would not come back up on it's own. A hard reboot would then successfully boot the device. I'm also unable to connect to the CLI when this occurs, but can access it after a successful reboot.
After checking the system logs I noticed an ext3 error:
I'm thinking my next step is to try the HQIP tool to check for hardware errors, which would also require a fresh firmware reload. I'm assuming if it is a hardware issue, I'll need to back-purchase an active subscription in order for it to be covered under RMA. Since I can't log a TAC ticket for this unit, I was just hoping for some advice on whether or not this is the right approach.
Oh that sounds annoying. I had a Fortigate 60c earlier, with defective flash. The flash is fixed to the motherboard so not replaceable, what means I couldn't use the unit anymore. Since a couple of years , Fortinet recommends not to use flash for logging purposes, to save flash use.
I think it's not done. Units work excellent, but throwing away the unit because of flash damage it's so annoying.
I then loaded a fresh copy of the 5.2.2 firmware with blank config and re-ran the disktest, which gave me the same results as before the testing.
FGT60Dxxxxx # diag disktest run
Round 1 started. Current Test Device: /dev/sda Total size: 12800M Current Test Block: 4M. Current Time Limit: No limit Current Size Limit: No limit Time(Sec) Size(MB) Read(MB/s) Write(MB/s) 0.0 0(0.00%): .................................................. 16.3 4.8 111.1 200(1.56%): .................................................. 16.4 4.1
5721.2 9200(71.88%): .......................................XXXXXXXXXXX 15.7 2.3 5920.8 9400(73.44%): XX Read error: 4194304 bytes wanted, only 122880 bytes read!
Test Result: Failed Tested size: 9408MB (73.50% Coverage of whole disk) Time used: 5939.6 sec Read Speed: 16.6MB/s Write Speed: 4.1MB/s Command fail. Return code -14
I'm now kind of at a loss for what to do next. It seems that it's not likely to be a hardware issue, but reloading the firmware didn't fix the issue (which is essentially the recommended fix for all file system issues as far as I can tell).
There is no active support subscription on this device, so I'm unable to log a support ticket.
Any further assistance would be greatly appreciated.
You're right, this absolutely looks like a hardware failure, the flash is broken.
Bad news is that without FortiCare you won't get a replacement unit.
Good news is, if you buy a contract now it will only be backdated for a maximum of 6 months even if the previous contract has expired a long time ago. For a 60D, FCare is a small amount compared to new hardware.
So, get a new contract, register it, open a ticket and send them the HQIP logs.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.