Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
m0j0
New Contributor III

Error 500: Internal Server Error in web interface

I've got a couple of 60C's in HA running 5.0.4.  I tried to log in to the web interface today and it logs me in and loads the top toolbar and sits there with two empty frames for a while before it finally returns a "Error 500: Internal Server Error" in the left frame.  I've tried killing all the httpsd processes but it hasn't made a difference.  A diag debug on the web-ui shows the following when the error shows in the web interface:-

[httpsd 27319] http_config.c[573] ap_invoke_handler -- handler 'fastcgi-script' completed (result==500)

[httpsd 27319] http_request.c[1443] ap_internal_redirect -- internal redirect to '/p/pubredir/httperror/'

 

Trying to avoid rebooting the firewall at all costs.  I've considered a forced failover to the secondary device but want to exhaust any other possible options before going down that road, and I'm not sure it will fix it anyway.  

 

The web interface was working fine a day or two ago and nothing has changed since then.  Firewall uptime is 223 days and looking at my Cacti graphs, memory utilisation has been sitting around 65% since November but appears to have just nudged up to 70% very recently.  Not sure if this is the cause of the problem or not.

 

1 Solution
Prometheus
New Contributor II

Hi Skippy,

 

So far so good. We did not experience the problem anymore since we installed 5.2.8. But we only installed the devices 10 days ago. It took the 5.2.7 devices like 14 days to come up with the problem, so I cannot confirm nor can I deny that 5.2.8 is the right solution.

Skippy wrote:

Prometheus wrote:

So last night we switched to the backup cluster using the 5.2.8 firmware. I'll keep you guys posted if it keeps on working or not. The faulty device also worked again after a reboot but this is still under investigation by Fortinet.

Is it normal to have something like 28GB of disk logging in roughly 10 days of operation?

Full logging enabled for all policies with four WAN interfaces and both static and policy routes as well as BGP.

 

I think this is quite normal. I see it with our network monitoring which collected over 2GB of logging in 12 hours. But once again i'm not sure.

 

View solution in original post

46 REPLIES 46
Skippy

Let's hope the 5.2.8 has solved the problem. I am still waiting to have some more feedback before re-enabling disk logging on the 200D on 5.2.8

Can't go to 5.4.1 because of missing features.

Prometheus
New Contributor II

@skippy and everyone else, Version 5.2.8 seems to be the solution!

 

We upgraded our firewalls 3 weeks ago to 5.2.8 and there are no issues so far. Hope this helps you guys.

djwilliams

@Prometheus are you logging to disk? 

Network Engineer
Network Engineer
Prometheus

@djwilliams, Yes we are logging to disk.

Skippy

Hi guys,

 

just an update after one month of full logging on 5.2.8 the FGT200D is still running flawlessly.

 

Thanks for all you help, any feedback regarding this issue from people who upgraded to 5.2.9 would be appreciated (I am not planning to upgrade at the moment as "if it ain't broken, don't fix it")

NotMine

Sorry for your troubles, mate. Tech support would almost surely instruct you to reinstall the firmware first. But, you do not have local access, which is rather limiting. :)

 

Restarting the device remotely while in this state is rather risky, because it could easily happen that it is unable to boot up again. I suppose you don't have an HA cluster?

NSE 7

All oppinions/statements written here are my own.

NSE 7 All oppinions/statements written here are my own.
CorneJvV

slavko wrote:

Restarting the device remotely while in this state is rather risky, because it could easily happen that it is unable to boot up again. I suppose you don't have an HA cluster?

Agree.

As per CSB-151124-1 this could also cause Boot failures and error messages during boot up.

FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
FCNSA FortiGate 60C, 110C, 200B, 310B FortiAnalyzer 100C FortiMail 100 FortiManager 100
Labels
Top Kudoed Authors