Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shorn1
New Contributor

FortiGate 60C WAN Interface Speed only 100Mbit Fullduplex

Hi!

As I see, the FortiGate 60C should have a WAN Interface that is 10/100/1000 Fullduplex compatible.

In this document its written that it should be this way: http://www.fortinet.com/sites/default/files/productdatasheets/FortiGate-60C.pdf

 

But my WAN Interfaces seems to be only 100Mbit/Fullduplex.

So.. what is true and what speed should my Interface have?

Has anybody the same "problem"?

8 REPLIES 8
Dave_Hall
Honored Contributor

Depends on what speed/duplex the device on the other end of the WAN connection(s) supports.

 

If there is a duplex/speed negotiating issue, it may show up if you perform a diag hardware deviceinfo nic <WAN interface> on the CLI and check for errors. 

 

You can of course, force the duplex/speed on an interface by the follow on the CLI...

 

config system interface edit "WAN1" set speed 1000full next exit

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
shorn1

Dave Hall wrote:

Depends on what speed/duplex the device on the other end of the WAN connection(s) supports.

 

If there is a duplex/speed negotiating issue, it may show up if you perform a diag hardware deviceinfo nic <WAN interface> on the CLI and check for errors. 

 

You can of course, force the duplex/speed on an interface by the follow on the CLI...

 

config system interface edit "WAN1" set speed 1000full next exit

 

The device and the cable of the other side support 1000/fullduplex. Never had Problems with older router or firewall with the same device on the other side.

 

I cant set it via CLI, the highest speed I can configure is 100/fullduplex.

Output from Console:

command parse error before 'speed'
Command fail. Return code -61

 

When I execute the same command with set speed 100full all goes fine.

 

The Command set speed 1000full does not work, when a cable is patched or not. The same Problem is with the WAN2 and DMZ Port.

 

Now I configured the FortiGate to Change the mode from Switch to Interface.

I put the interface5 as "WAN" Port and Voila! 1000Gigbait/Fullduplex (with same device and cable) works.

 

I think that the document is wrong or my device have a older Interface?!

hamidfx
New Contributor

shorn1 wrote:
  The device and the cable of the other side support 1000/fullduplex. Never had Problems with older router or firewall with the same device on the other side.   I cant set it via CLI, the highest speed I can configure is 100/fullduplex. Output from Console:
command parse error before 'speed'
Command fail. Return code -61
  When I execute the same command with set speed 100full all goes fine.   The Command set speed 1000full does not work, when a cable is patched or not. The same Problem is with the WAN2 and DMZ Port.   Now I configured the FortiGate to Change the mode from Switch to Interface. I put the interface5 as "WAN" Port and Voila! 1000Gigbait/Fullduplex (with same device and cable) works.   I think that the document is wrong or my device have a older Interface?!
  Hello, I have same problem and I solved it! Just delete software switch from interface and make split internal lan and wifi. All Wan ports are 1Gbit connections but this software slow down them. Now I have 1Gbit full-duplex in Wan1. Thanks!   Hamed
vjoshi_FTNT
Staff
Staff

Hello,

 

The datasheet which you are referring to is for the new units(higher revision)

 

- On the older units(revision : 1 or 2), the wan interface only support 100 full duplex.

 

So, verify which revision is your 60C is and if it is not the latest, then the WAN interfaces of your FGT60C support only 100Full.

 

Hope that helps.

 

 

ede_pfau
SuperUser
SuperUser

But...it isn't easy to determine the hardware revision on a FGT!

You might look for a "Pxxx" number on the sticker on the bottom of the FGT, and maybe FTNT can decode that for you.

 

Besides, you have found the solution to your problem already: use one of the 'internal' ports after splitting up the switch. These are 1000 Mbps (a '1000Gigabit/s' port on a desktop model is still in the works...). The designation as 'internalX' is just a label, there is no functionality connected to the labels.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Dave_Hall
Honored Contributor

Even though the WAN device itself is capable of connecting at 1gb, unless the data transfer rate is over 100 MB or higher, I doubt you'll be losing out that much by setting the WAN port connect to 100 full duplex. 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
shorn1

Dave Hall wrote:

Even though the WAN device itself is capable of connecting at 1gb, unless the data transfer rate is over 100 MB or higher, I doubt you'll be losing out that much by setting the WAN port connect to 100 full duplex. 

 

I got a Internet Connection of 600Mbit Down and Upstream. That I can easily use to 95%.

With a WAN Port of 100Mbit I lose a lot of my internet speed.

emnoc
Esteemed Contributor III

back to what was suggested, the diag hardware deviceinfo nic wan1 command  or  fnsysctl cat  /proc/net/nicinfo/wan1 will output what's support by the nic chipset

 

e.g  ( 10/100/1000mbps )

Broadcom 570x Tigon3 Ethernet Adapter To get more ideals on  broadcom ethernet adapters;http://www.broadcom.com/support/ethernet_nic/faq_drivers.php

Once again, this is a linux based firewall and uses drivers similar to linux but with a   FTNT touch

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors