j_such
New Contributor

FG300E restarts about every 3 minutes

Hello,

 

I put a newly configured FG300E HA pair with FortiOS 5.4.7 into the production network, and this FG started to reboot about every 3 minutes and a few seconds.

The crashlog gives no information about the source.

How do I debug this case?

 

I don't want to move to FortiOS 5.6.x because many older FortiAPs will not be supported. I'm afraid to move to FortiOS 5.4.8 because of a known bug: 470399, "The FG-300E/301E and FG-500E/501E reboot with kernel panic errors".

 

Perhaps downgrade to FortiOS < 5.4.6?

 

A few days ago I opened a ticket with Fortinet Support, but no helpful suggestions have been received so far ...

 

Janusz Such

5 Solutions
Toshi_Esumi
SuperUser

First, you should call the number for your country/region. You might need to wait in the queue for some time, but hopefully not long. Since you already opened a TT via the support web site, you don't have to get it created by the first rep before you're placed in the queue. You must have attached the config and other log data, so it will be quicker for the tech you reach to get up to speed.

 

But you will likely need to flush the boot drive and reload the image, either 5.4.7 or the previous version you upgraded from, via TFTP, and then upload the saved config for that version. Then you can upgrade to 5.4.8.

 


yoda
New Contributor II

Hello,

 

This kind of FG300E rebooting might be linked to the use of WiFi networks provided by FortiAPs managed by the FG300E. In our case, after upgrading to FortiOS 5.6.3, no more such rebooting was observed. If upgrading to FortiOS 5.6.3 is not an option, you might manage your FortiAPs from a separate FortiGate (connected to the FG300E).

 

Yoda

 


tanr
Valued Contributor II

Have you hooked up a laptop directly to the console (RJ45 serial) port to watch the whole sequence?

 

That should show you all output during the reboot, much of which you can miss if you're just using SSH or HTTPS to access it.


ede_pfau

About the pings: they are most probably not blocked but just 'vanish from sight'.

Typically, after a new session is established, only 2 pings are forwarded by the CPU, and then the session is offloaded to the NP ASIC. The built-in sniffer cannot display ASIC traffic, so it looks as if the traffic were blocked. But it's only offloaded and invisible.


Ede

"Kernel panic: Aiee, killing interrupt handler!"

yoda
New Contributor II

Hello! In the meantime (as mentioned earlier) the FG300E is on FW 5.6.3. I'll try to remember how I managed it with 5.4.7 and a separate firewall controlling the FortiAPs.

So we had two firewalls (both with FW 5.4.7):
- FW1: the FG300E providing the network interface to which the FortiAPs are connected, located in a production network environment on separate floors (separate network switches in use)
- FW2: another firewall (in our case a FG100D) acting as WiFi controller only

On FW1:
- On the network interface where the FortiAPs are connected, a new VLAN with DHCP enabled (for administration of FortiAP connections/policies) has to be defined. Example: name "Mgmt_FAP", VLAN ID 50, IP 10.50.11.1/24, DHCP server enabled, HTTPS, PING, CAPWAP, SSH enabled.
- A link between both firewalls (connected via a physical network patch cable) using a /30 link net has to be established: port x on FW1 and port y on FW2 are both part of this common /30 link net, with CAPWAP enabled on the involved interfaces. Example interfaces used for the link network:
  FW1, port x: name "lk2fg100d", IP 172.16.100.1/30
  FW2, port y: name "lk2fg300e", IP 172.16.100.2/30
- On each of these new interfaces a separate VLAN for each WiFi needed has to be defined: no CAPWAP, no DHCP server, role LAN. Examples:
  FW1: interface name "lk2fg100d_vl71", VLAN ID 71, IP 172.16.71.1/30
  FW2: interface name "lk2fg300e_vl71", VLAN ID 71, IP 172.16.71.2/30
- On FW2 a default route to interface "lk2fg300e" with gateway IP = link network IP 1 of FW1 (in our example 172.16.100.1) has to be defined.
- On FW1 a service "CAPWAP" (UDP 5246, 5247) has to be defined, and a FW policy for traffic from the "Mgmt_FAP" port to "lk2fg100d" with service "CAPWAP" is needed.

Again as an example, a WiFi on FW2 has to be defined as follows:
- SSID "FAP_example_71" with IP 172.16.171.1/24, DHCP server enabled, propagating SSID "example_71", default settings for DNS, NTP, etc. as you prefer
- Policy routes for traffic from the WiFi to the link interface of FW1. Example: incoming interface FAP_example_71, src addr 172.16.171.0/24, outgoing interface lk2fg300e_vl71, gw addr 172.16.71.1
- FW policies for traffic from the WiFi to the link interface of FW1. Example: incoming interface FAP_example_71, outgoing interface lk2fg300e_vl71, NAT enabled

Also needed on FW1:
- Static routes for (return) traffic to the WiFis on FW2. Example: destination 172.16.171.0/24, device lk2fg100d_vl71, gateway 172.16.71.2
- Various policies from the VLANs initiated at FW2 to various targets on interfaces of FW1. Example: lk2fg100d_vl71 to [WAN and other interfaces], NAT enabled

The FortiAPs should be configured via the separate management VLAN and controlled by FW2. As an example, please have a look at the corresponding FortiAP configuration commands, like:
cfg -a AP_MGMT_VLAN_ID=50
cfg -a AC_IPADDR_1=172.16.100.2

Yoda

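The two-firewall layout Yoda describes, written out as FortiOS 5.4 CLI. This is an added example, not configuration from Yoda's post or from Fortinet. The interface names and addresses are the ones given in the post; the physical port numbers (port10 and port11 on FW1, port1 on FW2), the policy names and the WPA2 passphrase are assumptions. The DHCP pools on Mgmt_FAP and on the SSID, and the FW1 policies from lk2fg100d_vl71 out to the WAN, are left out and are set up as for any LAN interface.

```fortios
# ===== FW1: the FG300E (FortiOS 5.4.x). Assumed: APs on port10, /30 link to FW2 on port11 =====
config system interface
    edit "port11"
        set alias "lk2fg100d"                  # physical ports keep their name; the alias carries the label
        set ip 172.16.100.1 255.255.255.252
        set allowaccess ping capwap
    next
    edit "Mgmt_FAP"                            # AP management VLAN; the DHCP pool for the APs goes here
        set type vlan
        set interface "port10"
        set vlanid 50
        set ip 10.50.11.1 255.255.255.0
        set allowaccess ping https ssh capwap
    next
    edit "lk2fg100d_vl71"                      # one VLAN per SSID on the link: no CAPWAP, no DHCP
        set type vlan
        set interface "port11"
        set vlanid 71
        set ip 172.16.71.1 255.255.255.252
    next
end
config firewall service custom
    edit "CAPWAP"
        set udp-portrange 5246-5247
    next
end
config firewall policy
    edit 0                                     # APs may talk to the controller (FW2) with CAPWAP only
        set name "FAP_to_FW2_CAPWAP"
        set srcintf "Mgmt_FAP"
        set dstintf "port11"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "CAPWAP"
    next
end
config router static                           # return path to the WiFi client subnet that lives on FW2
    edit 0
        set dst 172.16.171.0 255.255.255.0
        set gateway 172.16.71.2
        set device "lk2fg100d_vl71"
    next
end

# ===== FW2: the FG100D, WiFi controller only. Assumed: link to FW1 on port1, WPA2-Personal =====
config system interface
    edit "port1"
        set alias "lk2fg300e"
        set ip 172.16.100.2 255.255.255.252
        set allowaccess ping capwap            # CAPWAP from the APs arrives here via FW1
    next
    edit "lk2fg300e_vl71"
        set type vlan
        set interface "port1"
        set vlanid 71
        set ip 172.16.71.2 255.255.255.252
    next
end
config router static
    edit 0                                     # default route towards FW1 (reaches the APs in 10.50.11.0/24)
        set gateway 172.16.100.1
        set device "port1"
    next
end
config wireless-controller vap
    edit "FAP_example_71"
        set ssid "example_71"
        set security wpa2-only-personal
        set passphrase "ChangeMe-Example-Passphrase"   # placeholder, assumed
    next
end
config system interface                        # the VAP appears as an interface; give it the client gateway IP
    edit "FAP_example_71"
        set ip 172.16.171.1 255.255.255.0      # the DHCP pool for clients goes on this interface
    next
end
config router policy                           # steer WiFi clients onto the per-SSID VLAN towards FW1
    edit 0
        set input-device "FAP_example_71"
        set src "172.16.171.0/255.255.255.0"
        set output-device "lk2fg300e_vl71"
        set gateway 172.16.71.1
    next
end
config firewall policy
    edit 0
        set name "WiFi71_to_FW1"
        set srcintf "FAP_example_71"
        set dstintf "lk2fg300e_vl71"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Two points worth checking when applying this. The only policy from Mgmt_FAP towards FW2 carries the custom CAPWAP service, so a compromised or misbehaving AP cannot reach anything else across the link; widen it deliberately if the APs also need NTP or DNS from FW2. And because the FW2 policy has NAT enabled, client traffic arrives at FW1 sourced from 172.16.71.2, so the static route back to 172.16.171.0/24 on FW1 is only exercised by flows you later exempt from NAT; the post lists both, and the example keeps both. On the AP itself, the two cfg -a lines from the post are followed by cfg -c to commit them.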

10 Replies
kphed
New Contributor III

Despite all the vulnerabilities/CVEs, we were forced to use v5.4.4 (which is not available on the Fortinet Support page; I had to create a Support ticket to be sent the firmware image). Reading through the FortiOS v5.4.9 release notes, it appears the 300E issues have been resolved. Will advise if any issues arise.
