I have a FWF40-3G4G (7.0.5 but upgraded today to 7.2.2) which has been working well for a few years now.
There is 1 LAN connection on port1 which goes to the main switch which was a Ubiquiti Lite switch. This switch has been replaced by a Ubiquiti USW-48-PoE.
As soon as we upgraded to the USW-48 there is no connection (i.e. no internet) from the FWF40 to the USW-48, but all LAN traffic across the switch works.
When the FWF-40 is plugged into the switch, all the port lights on the switch flash in unison (broadcast storm?). I also noted that the media sense lights are on at both ends.
So far I have tried the following:
1. Execute ping from FortiGate CLI to LAN devices plugged into the switch - fails
2. Tried LAN port 2 on the FortiGate (LAN1, 2, 3 are all on the same virtual switch) - same issue
3. Tried a backup modem (Draytek) instead of the FWF-40 - this works as expected (internet and passes traffic to LAN)
4. Took the FWF-40 to my lab and plugged it into a USW-24 - works as expected, in so far as it can connect to any of the devices plugged into the USW-24
To Do:
a. Force PoE off on USW-48 for FWF-40 port
b. Factory reset FWF-40
c. Try port spanning on USW-48 on port 1 (FWF40) and port 5 (server) to see how far traffic is getting.
But since the FWF-40 seems to work with other switches, and other firewalls work with the switch, it's hard to tell whether the issue lies with the switch or the firewall.
Other suggestions?
Only things I can think of right now would be some form of STP issue (are STP settings the same on both your USW switches? are the port settings the same as well for the ports that are connecting to the FWF?). Or perhaps an LLDP issue. Do you see anything in the logs when you plug the switch in? Also what about the dashboard, any CPU spikes or anomalies?
I do not think it is STP. I say this because I tried an old 60D I had on 6.2 (I think) and it worked fine. "get system arp" shows the switch MAC.
I tried a factory reset on the 40F and it still doesn't get the switch MAC in ARP.
I think we should still work on ruling out STP. Can you post the output of the following on your FGT (with the non-working switch connected):
diagnose sys stp log
diagnose sys stp bridge
And just for fun can you disable STP on the Ubiquiti switch port that connects to the FGT? https://help.ui.com/hc/en-us/articles/360006836773-UniFi-USW-Configuring-Spanning-Tree-Protocol
And lastly can you post the config of your FortiGate LAN interface?