Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bhamdani
New Contributor

Flapping uplink connection

we have fortigate 1500D Series with HA configuration (active standby), currently port31 used by our company as uplink to ISP for 1Gbps connection link. The problem is sometimes that port become unreachable and down for several seconds from the event log it show like this :

down.jpg
and then we checked hardware port from cli, there is error like this :
============ Counters ===========
Rx_Internal_Mac_Errors:24
Rx_CRC_Errors :22
 
on the otherside, from ISP they said that there is not link failure on their side. is anyone ever had the same problem? what could be the problem and how to solved this problem. 
Thank you
laper bikin mager
laper bikin mager
6 REPLIES 6
chauhans
Staff
Staff

Hi @bhamdani ,


As I have understood, you are observing port31 is flapping. 

Could you check the duplex/speed settings on both sides of the interface connection? (port31 and peer device interface).
Also, try to change the patch cable between them and observed afterward.

CRC errors seeing FortiGate don't imply that the firewall is causing the issue, it indicates that the firewall is failing to match the FCS value with the packets received.
FCS (Frame Check Sequence) field contains a 4-byte CRC value used for error checking. When a source host assembles a packet, it performs a CRC calculation on all fields in the packet except the Preamble, SFD (Start Frame Delimiter), and FCS using a predetermined algorithm. The source host stores the value in the FCS field and transmits it as part of the packet. When the packet is received by the destination host, it performs a CRC test again by using the same algorithm. If the CRC value calculated at the destination host does not match the value in the FCS field, the destination host discards the packet, considering this as a CRC Error.

bhamdani

Hi @chauhans 

Thank you for replying this post, below the result when we check port31 :

==================Fortigate Side==========================

Admin :up
netdev status :up
link_autonego :1
link_setting :1
link_speed :1000
link_duplex :0
link_fec :0
Speed :1000
Duplex :Full
link_status :Up
rx_link_status :0
int_phy_link :0
local_fault :0
local_warning :0
remote_fault :0

=====================================================

 

from ISP side using mikrotik router :

statusstatus
link speed option :
router-2.jpg

 

laper bikin mager
laper bikin mager
tthrilok
Staff
Staff

hi Bhamdani,

 

Could you check what is the destination you are trying to reach in the performance SLA where you called the interface port31. Once you double click on the log you should be able to see the performance SLA which is actually bringing the interface down.

 

Could you please check:

+ what is the destination you have defined in the performance SLA

+ what is the protocol you are using in the performance SLA

+ If it is HTTP, could you try with ICMP and also try to change the destination for any other public IP

 

Thank you!

 

 

 

bhamdani

Hi @tthrilok,

Regarding performance SLA we set it as follow :

destination address: dns ip google -> 8.8.8.8

protocol : icmp

laper bikin mager
laper bikin mager
Bjay_Prakash_Ghising

Hi bhamdani, 

 

Have you configured the DoS policy in your FortiGate??

What is the SLA Target of your SD-WAN?

Does it comply with your DoS Policy?

 

Kind Regards, 

Bijay Prakash Ghising

 

Ghising
Ghising
bhamdani

Hi @Bjay_Prakash_Ghising

Currently we have not configure DoS policy.

Thank you

laper bikin mager
laper bikin mager
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors