Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bhamdani
New Contributor

Created on ‎05-07-2023 06:21 PM

Flapping uplink connection

we have fortigate 1500D Series with HA configuration (active standby), currently port31 used by our company as uplink to ISP for 1Gbps connection link. The problem is sometimes that port become unreachable and down for several seconds from the event log it show like this :

down.jpg
and then we checked hardware port from cli, there is error like this :
============ Counters ===========
Rx_Internal_Mac_Errors:24
Rx_CRC_Errors :22
 
on the otherside, from ISP they said that there is not link failure on their side. is anyone ever had the same problem? what could be the problem and how to solved this problem. 
Thank you
laper bikin mager
laper bikin mager
Labels:
4299
0 Kudos
6 REPLIES 6
chauhans
Staff
Staff

Created on ‎05-07-2023 11:28 PM

Hi @bhamdani ,


As I have understood, you are observing port31 is flapping. 

Could you check the duplex/speed settings on both sides of the interface connection? (port31 and peer device interface).
Also, try to change the patch cable between them and observed afterward.

CRC errors seeing FortiGate don't imply that the firewall is causing the issue, it indicates that the firewall is failing to match the FCS value with the packets received.
FCS (Frame Check Sequence) field contains a 4-byte CRC value used for error checking. When a source host assembles a packet, it performs a CRC calculation on all fields in the packet except the Preamble, SFD (Start Frame Delimiter), and FCS using a predetermined algorithm. The source host stores the value in the FCS field and transmits it as part of the packet. When the packet is received by the destination host, it performs a CRC test again by using the same algorithm. If the CRC value calculated at the destination host does not match the value in the FCS field, the destination host discards the packet, considering this as a CRC Error.

4275
0 Kudos
bhamdani
New Contributor
In response to chauhans

Created on ‎05-08-2023 06:54 PM Edited on ‎05-08-2023 07:13 PM

Hi @chauhans 

Thank you for replying this post, below the result when we check port31 :

==================Fortigate Side==========================

Admin :up
netdev status :up
link_autonego :1
link_setting :1
link_speed :1000
link_duplex :0
link_fec :0
Speed :1000
Duplex :Full
link_status :Up
rx_link_status :0
int_phy_link :0
local_fault :0
local_warning :0
remote_fault :0

=====================================================

 

from ISP side using mikrotik router :

statusstatus
link speed option :
router-2.jpg

 

laper bikin mager
laper bikin mager
4252
0 Kudos
tthrilok
Staff
Staff

Created on ‎05-08-2023 02:18 AM

hi Bhamdani,

 

Could you check what is the destination you are trying to reach in the performance SLA where you called the interface port31. Once you double click on the log you should be able to see the performance SLA which is actually bringing the interface down.

 

Could you please check:

+ what is the destination you have defined in the performance SLA

+ what is the protocol you are using in the performance SLA

+ If it is HTTP, could you try with ICMP and also try to change the destination for any other public IP

 

Thank you!

 

 

 

4271
0 Kudos
bhamdani
New Contributor
In response to tthrilok

Created on ‎05-08-2023 07:05 PM

Hi @tthrilok,

Regarding performance SLA we set it as follow :

destination address: dns ip google -> 8.8.8.8

protocol : icmp

laper bikin mager
laper bikin mager
4249
0 Kudos
Bjay_Prakash_Ghising
Contributor
In response to bhamdani

Created on ‎05-08-2023 08:48 PM

Hi bhamdani, 

 

Have you configured the DoS policy in your FortiGate??

What is the SLA Target of your SD-WAN?

Does it comply with your DoS Policy?

 

Kind Regards, 

Bijay Prakash Ghising

 

Ghising
Ghising
4245
0 Kudos
bhamdani
New Contributor
In response to Bjay_Prakash_Ghising

Created on ‎05-08-2023 08:56 PM

Hi @Bjay_Prakash_Ghising

Currently we have not configure DoS policy.

Thank you

laper bikin mager
laper bikin mager
4239
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.