Dear community,
I am having trouble deploying a FortiADC in a VMware environment. Some interfaces are not working at the start, and sometimes stop working some time later.
If I check the interface status in the CLI with the command "diagnose hardware get deviceinfo nic-detail", it appears as connected:
Settings for port1:
    Supported ports: [ TP ]
    Supported link modes:   1000baseT/Full
                            10000baseT/Full
    Supported pause frame use: No
    Supports auto-negotiation: No
    Supported FEC modes: Not reported
    Advertised link modes:  Not reported
    Advertised pause frame use: No
    Advertised auto-negotiation: No
    Advertised FEC modes: Not reported
    Speed: 10000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 0
    Transceiver: internal
    Auto-negotiation: off
    MDI-X: Unknown
    Supports Wake-on: uag
    Wake-on: d
    Link detected: yes
I can also ping my own interface, but not the gateway.
The interfaces work again if I disable and enable them from the network configuration in VMware.
Maybe someone has had the same issue?
Thanks,
Hi FortiUser
Which FortiADC and VMware versions?
Created on 08-20-2024 02:58 AM Edited on 08-20-2024 02:58 AM
Hi AEK,
Thanks for your reply. I am using:
FortiADC v7.4.4 build0347
VMware vSphere Client version 7.0.3.01400
Thanks,
Hi
I see in release notes that there is no known issue in 7.4.4.
Probably a network issue outside the VM.
I'd recommend the following:
Hope it helps.
Thanks again AEK.
Both the Forti and VMware logs have been checked, and nothing related to network problems appeared.
Note that this problem is not happening on only one interface; it happens on different interfaces on both Forti servers, but it seems random.
I'm not sure where the problem is coming from and I was hoping someone else had experienced it to see if they could help me.
I did a search internally and it seems that this behavior may be caused by a security setting in VLAN configuration in the hypervisor:
Checking the documentation, I see that we need "MAC address changes" and "forged transmits", and I already have them enabled.
I think that promiscuous mode is not needed; it is a requirement for FortiGate, not for FortiADC. Do you think that I need to enable this option as well?
Hi all again, and thanks to all who took the time to reply before :)
Adding some information to this issue: it seems that the problem happens when VMware performs a vMotion of the VM.
Any suggestions about this?
Thanks a lot.
I know of similar issues where, after a vMotion operation, the MAC address is not updated on L2 switches. This may be your case. Anyway, the solution depends on the network design and should be resolved by your network team.
We’ve finally found the solution.
As mentioned earlier in this thread, the issue was with the MAC address not being updated on the L2 switches after a vMotion. The root cause was a misconfiguration in the port group failover uplinks in VMware. After correcting this, everything is now working properly.
Thank you all for your time and assistance.