Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

FG-60 Stops Passing Traffic

I' m at my wits end and I' m hoping you guys can help out with a problem that I' ve got. We have deployed a couple of FG-60s and are now having problems with the devices. The first sign of trouble was when a client complained of not having Internet access (port 80). We were running MR-6 at the time. If I reset the device traffic would start to flow again. After this happened a couple of time, I called the support number for assistance. I was asked to upgrade to MR-7 which I did. We then started having occasional problems at the same client with POP3 access. Again, a reset on the device cleared the matter. Today, we experienced problems at our colo site (big problems here) with accepting POP3 traffice on an FG-60 with MR-6 installed. It' s not like we' re lighting up the devices with activity but I cannot continue resetting the devices to get things going again. It appears that the device just stops accepting/forwarding traffic. Does anyone have any ideas abou what' s happening?? I' m ready to pull the devices and install something that won' t fail in this manner. Any help is appreciated.
35 REPLIES 35
Not applicable

You’re not the only one that is getting pissed off with this. I was having major problems running 3 POP3 servers behind the firewall, service just stopped working. MR7 seemed to cure the problem but now my HTTP server is suffering… We are being attacked all the time, I was using a Guardian firewall, this worked fine just had port routing limitations… I am seriously considering in putting the Guardian back on line and using the Fortigate as a door stop… Regards, Kevin Vahn Gill Ring Communications (UK) Ltd
Not applicable

Hi All, Sorry to say this but I take comfort in knowing that I am not the only one… Last night, (23:20) my HTTP server went off air and we started to get NetSky on internal mail… The firewall had decided that I longer needed to scan SMTP for viruses and that I didn’t need a web server… Back to Guardian and Total Virus Defence me thinks... Regards, Kevin…
SECCON1MC
New Contributor

We have had the same issues with a FGT-50 with MR6 with web traffic and when av scanning is enabled.. The kicker is that it only stops working at our client' s site after 2-4 days (they have very low use of the web). If we disable AV.. all is fine. It sounds like a memory/session issue that the fortiCODERS need to clean up. The only fix I can think of is going back to OS 2.36 (whichs needs to be tftp' ed) Good luck.
[link=http://logMojo.com]logMojo[/link] by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!
[link=http://logMojo.com]logMojo[/link] by Security Confidence Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management Signup today!
Not applicable

[Deleted by Admins]
Not applicable

So, let me get this straight: 1. I should not use MR7 because it' s buggy 2. I need to disable all NIDS 3. I need to disable all AV scanning Hmm, not much of a firewall is it? The only thing it' s doing is port-forwarding to a private internal network for security. Netgear, Linksys, et. al. provide this level of service at less than half the price!
Not applicable

[Deleted by Admins]
Not applicable

[Deleted by Admins]
Not applicable

Hi All, I will let you know how I get on with this but we are upgrading to a FG200... Not quite the best solution to the problem (£££) but it may work... Regards, Kevin...
Not applicable

What gives you any level of confidence that moving to a 200 will solve this problem? It seems to me that there is a fundamental flaw in the scanning engines which can lead to ultimately losing HTTP/POP3/IMAP/whatever.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors