I've got a couple of 60C's in HA running 5.0.4. I tried to log in to the web interface today and it logs me in and loads the top toolbar and sits there with two empty frames for a while before it finally returns a "Error 500: Internal Server Error" in the left frame. I've tried killing all the httpsd processes but it hasn't made a difference. A diag debug on the web-ui shows the following when the error shows in the web interface:-
[httpsd 27319] http_config.c[573] ap_invoke_handler -- handler 'fastcgi-script' completed (result==500)
[httpsd 27319] http_request.c[1443] ap_internal_redirect -- internal redirect to '/p/pubredir/httperror/'
Trying to avoid rebooting the firewall at all costs. I've considered a forced failover to the secondary device but want to exhaust any other possible options before going down that road, and I'm not sure it will fix it anyway.
The web interface was working fine a day or two ago and nothing has changed since then. Firewall uptime is 223 days and looking at my Cacti graphs, memory utilisation has been sitting around 65% since November but appears to have just nudged up to 70% very recently. Not sure if this is the cause of the problem or not.
Solved! Go to Solution.
Hi Skippy,
So far so good. We did not experience the problem anymore since we installed 5.2.8. But we only installed the devices 10 days ago. It took the 5.2.7 devices like 14 days to come up with the problem, so I cannot confirm nor can I deny that 5.2.8 is the right solution.
Skippy wrote:Prometheus wrote:Is it normal to have something like 28GB of disk logging in roughly 10 days of operation?So last night we switched to the backup cluster using the 5.2.8 firmware. I'll keep you guys posted if it keeps on working or not. The faulty device also worked again after a reboot but this is still under investigation by Fortinet.
Full logging enabled for all policies with four WAN interfaces and both static and policy routes as well as BGP.
I think this is quite normal. I see it with our network monitoring which collected over 2GB of logging in 12 hours. But once again i'm not sure.
@Tommy: are you aware that formatting the flash disk (as recommended) will erase the firmware as well? Usually, one has to TFTP the image back onto flash to get the unit to boot.
Doing this from remote is daring at best, impossible at worst.
Tommy Rogers wrote:
I am formatting the loggingdisk, I thought it was a partition on the flash drive seprrate from the boot partition.
I thought so, also. But the CLI reference (http://help.fortinet.com/...I/execute.31.024.html) says this:
CLI_Ref wrote:
In addition to deleting logs, this operation will erase all other data on the disk, including system configuration, quarantine files, and databases for antivirus and IPS.
As it is often the case, documentation is not very clear. I do not remember running this command ever. Have you managed to recover the device?
NSE 7
All oppinions/statements written here are my own.
I was able to finally disable the log disk and restart. I know it was risky but it worked and it took several hours to initiate the command. This is a high risk so I am not suggesting anyone try it.
Now there is no sign of the logdisk at all in the GUI or from CLI commands. CUstomer is up and able to get to the GUI now so I have other fish to fry. I will address this at a later time.
Thanks for everyones input.
Hi Tommy, thank you for the feedback. I hate to be a party breaker, but I'm sure you are aware that this device should not be trusted until thoroughly tested, maybe even with a HQIP image. :)
Cheers!
Slavko
NSE 7
All oppinions/statements written here are my own.
I get this more often when i use Chrome then if I'm using Explorer. I always thought that the issue was my computer :)
It appears that the logdisk option has been removed from the 60x all the way up to the 100x models. I do not get any logdisk command options in the 100D CLI command structure what so ever now.
Hi everyone,
I'm new to this forum because we've got the same issues with our new 200D's.
We already replaced the broken one with a new 200D and after ~4 days we are facing the same problems again.
At first we restarted the broken one and it wasn't able to boot again.
Luckily we've got a HA and the second one took over.
Are there any new information regarding this issues?
At other locations we are using the same 200Ds (same firmware etc.) and its just a question of time when the big bang occurs.
It's really disappointing that these problems aren't fixed since a year and we bought new fortigates last month.
Thanks in advance
Stefan
Hi Stefan,
Reduce traffic and event disk logging to the minimum. If you have web caching enabled, disable it. These are the first aid tips. :)
Cheers!
Slavko
NSE 7
All oppinions/statements written here are my own.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1735 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.