FortiUser64812
New Contributor II

FortiADC disconnected interfaces in vmware

Dear community,

I am having trouble deploying a FortiADC in a VMware environment. Some interfaces are not working at the start, and sometimes stop working some time later.

If I check the interface status in CLI with command "diagnose hardware get deviceinfo nic-detail" it appears as connected:

Settings for port1:
    Supported ports: [ TP ]
    Supported link modes: 1000baseT/Full
                          10000baseT/Full
    Supported pause frame use: No
    Supports auto-negotiation: No
    Supported FEC modes: Not reported
    Advertised link modes: Not reported
    Advertised pause frame use: No
    Advertised auto-negotiation: No
    Advertised FEC modes: Not reported
    Speed: 10000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 0
    Transceiver: internal
    Auto-negotiation: off
    MDI-X: Unknown
    Supports Wake-on: uag
    Wake-on: d
    Link detected: yes

I can also ping my own interface, but not the gateway.

The interfaces work again if I disable and enable them from the network configuration in VMware.

Maybe someone had the same issue?

Thanks,

AEK
SuperUser

Hi FortiUser

Which FortiADC and VMware versions?

AEK
FortiUser64812
New Contributor II

Hi AEK,

Thanks for your reply. I am using:

FortiADC v7.4.4 build0347

VMware vSphere Client version 7.0.3.01400

Thanks,

AEK

Hi

I see in release notes that there is no known issue in 7.4.4.

Probably a network issue outside the VM.

I'd recommend the following:

  • Check in the FortiADC's system logs if you can find any related error message at the moment of the issue
  • Check the same in VMware related logs
  • Try using another interface with another VLAN to see if the error happens again with this new config

Hope it helps.

AEK
FortiUser64812
New Contributor II

Thanks again AEK.

Both Forti and VMware logs have been checked and nothing related to network problems appeared.

Notice that this problem is not only happening on one interface; it happens on different interfaces on both Forti servers, but it seems to be random.

I'm not sure where the problem is coming from and I was hoping someone else had experienced it to see if they could help me.

ebilcari

I did a search internally and it seems that this behavior may be caused by a security setting in VLAN configuration in the hypervisor:

vlan-sec.PNG

- Emirjon
FortiUser64812

Checking the documentation, I see that we need the "mac address changes" and "forged transmits" settings, and I already have them enabled.

I think that promiscuous mode is not needed; it is a requirement for FortiGate, not for FortiADC. Do you think that I need to enable this option also?

FortiUser64812
New Contributor II

Hi all again, and thanks to all who took the time to reply before :)

Adding some information to this issue: it seems that the problem happens when VMware performs a vMotion of the VM.

vmotion.png

ping loss.png

Any suggestions about this?

Thanks a lot.

AEK

I know of similar issues where, after a vMotion operation, the MAC address is not updated on L2 switches. This may be your case. Anyway, the solution depends on the network design and should be resolved by your network team.

AEK
FortiUser64812
New Contributor II

We've finally found the solution.

As mentioned earlier in this thread, the issue was with the MAC address not being updated on the L2 switches after a vMotion. The root cause was a misconfiguration in the port group failover uplinks in VMware. After correcting this, everything is now working properly.

Thank you all for your time and assistance.
