I have a FortiGate 60E, brand new, V6.2.3 build1066 (GA).
If I plug my laptop (Mac with Gigabit network card) into interface Internal1 - it shows 1000Mbps/full duplex on the GUI and lights up green on the display nearly instantly.
If I plug either a Cisco or Engenius unmannaged Gigabit network switch into Internal1, it takes a few seconds to "light up", but when it does, it shows up as 100Mbps/Full Duplex and amber light. I have confirmed these switches are operating on gigabit and all devices plugged into them show 1000Mbps.
If I unplug the switch and plug the same laptop into the Internal1, it then shows only 100Mbps, until such time I physically reboot the FortiGate 60E. Then it goes back to 1000Mbps.
This issue will follow any port on the FortiGate except for WAN. My laptop always shows up 1000Mbps. Plug in gigabit switch, and the port goes to 100Mbps. Then the same laptop cannot connect on that port any faster than 100Mbps until a reboot.
Thoughts?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
what happens if you set the port to 1000mbps full?
do you get the same issue if you disable/enable the port?
I suggest you give up von v6.2 at the moment, and run v6.0.9. There are some issues to be sorted out, some of which pertain to MTU handling. Just a thought.
Have you broken the internal switch into individual ports. First thing I do with new units.
try to force the port speed to 1000full
confyg system interface
edit port xxx
set speed 1000full
end
You can perform a diag on the interface from the CLI using diag hardware deviceinfo nic <interface> eg. diag hardware deviceinfo nic internal1 Output should be something similar to the following... Description Fortinet 92D Ethernet Driver System_Device_Name internal1 Current_HWaddr 90:6c:ac:00:00:00 Permanent_HWaddr 90:6c:ac:00:00:00 State up Link up PHY Link up Speed 1000 Duplex full port: 0 def vid 4094 cur_vid 4094 netdev_running 1 pci_rx 0 Rx_Packets 341499 Tx_Packets 615994 Rx_Bytes 58315364 Tx_Bytes 220265980 What you are looking for is the duplex/speed value and any rx/tx errors or any errors for that matter. If there are errors, wait 2-3 mins then repeat the diag commands to see if the error counts increases. (This is assuming you have something plugged into that interface port.) Use show system interface internal1 to see how the internal1 port is configured. (cmd will not show default values.)
Use show full system interface internal1 to display the full configuration on internal1. If duplex/speed is set, it should show up as "set speed <value>".
You can force the duplex/speed on internal1 by using:
config system interface edit "internal1" set speed 1000full next end
To set the interface to auto negotiation, use:
config system interface edit "internal1" unset speed next end
It's been suggested to disable/enable the interface, which you can do from the CLI:
config system interface edit "internal1" set status (up|down) next end
If both sides of the connection is confirmed to be set to auto negotiation, I really find this problem odd - I suggest forcing the interface to 1000full then perform further testing - check via the diag cmds what that interface is reporting and/or disable/enable the interface and/or powercycle the switch. etc.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave Hall wrote:You can perform a diag on the interface from the CLI using diag hardware deviceinfo nic <interface>
Here is the output for the interface and the hardware switch.
Description :FortiASIC NP6LITE Adapter
Driver Name :FortiASIC NP6LITE Driver
Board :60E
lif id :3
lif oid :67
netdev oid :67
tx group :0
Current_HWaddr e8:1c:ba:ec:27:d7
Permanent_HWaddr e8:1c:ba:ec:27:d7
========== Link Status ==========
Admin :up
netdev status :up
autonego_setting:0
link_setting :0
speed_setting :100
duplex_setting :1
Speed :100
Duplex :Full
link_status :Up
============ Counters ===========
Rx Pkts :1
Rx Bytes :60
Tx Pkts :0
Tx Bytes :0
Host Rx Pkts :1
Host Rx Bytes :46
Host Tx Pkts :0
Host Tx Bytes :0
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0
RPM # diag hardware deviceinfo nic internal
Description :FortiASIC NP6LITE Adapter
Driver Name :FortiASIC NP6LITE Driver
Board :60E
lif id :12
lif oid :76
netdev oid :76
tx group :0
Current_HWaddr e8:1c:ba:ec:27:d7
Permanent_HWaddr e8:1c:ba:ec:27:d7
========== Link Status ==========
Admin :up
netdev status :up
autonego_setting:1
link_setting :1
speed_setting :1000
duplex_setting :1
Speed :1000
Duplex :Full
link_status :Up
============ Counters ===========
Rx Pkts :8199608
Rx Bytes :3228643786
Tx Pkts :8833945
Tx Bytes :4754641061
Host Rx Pkts :3253882
Host Rx Bytes :449029866
Host Tx Pkts :2449571
Host Tx Bytes :479060991
Host Tx dropped :0
FragTxCreate :0
FragTxOk :0
FragTxDrop :0
Member Ports :
[00]: internal1
[01]: internal5
[02]: internal6
[03]: internal7
When I try to force the interface to 1000, I get -61 error.
(internal1) # set speed 1000full
command parse error before 'speed'
Command fail. Return code -61
As the device is now in production, converting the interface1 to be standalone, like others have suggested instead of part of the switch, will take some afterhours time.
I have tried everything else suggested in this thread, from power cycling, to forcing 1000 (getting the -61 error).
I just encountered this same problem, my wan1 port on our FortiWiFi 60E was uplinking to a netgear unmanaged 1G switch. Speed was 1000 full. I removed the netgear switch and now wan1 goes up to a Cisco 3500 switch, the speed is now 100 full...
I tried to force 1000 full on the wan1 interface, the system allowed it but them my interface went down;
========== Link Status ========== Admin :up netdev status :down autonego_setting:0 link_setting :1 speed_setting :1000 duplex_setting :1 Speed :10 Duplex :Half link_status :Down
When I set the interface back to auto, it reconnects at 100 full. Going to open a tac case to see if they can shed some light on this.
Hi, I have the same issue. Did you resolve the problem?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1633 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.