After upgrading to 7.4.3 my 1100E is doing something wrong when answering requests for ifoutoctets on ipsec interfaces.
Occasionally Delta for out octets is way too high which shows an ipsec tunnel on a 40Gig interface at 90+ percent utilization while the physical 40Gig interface is reporting correctly.
Hi
What model of device are you using?
Can you provide a screenshot? Is there any SNMP OID information?
Thanks
Kangming
The device is an 1100E. Physical interface is 4x 10gbe interfaces as an aggregate. The tunnel uses that interface as a source.
This is the MIB being monitored right after clearing the counters on the interfaces. Eventually there will be major spikes in the tx octets along with my snmp management system issuing an alert for utilization above 90 percent.
Doing another poll directly for the ifoutoctet mib will show considerably more octets transmitted out of the tunnel than across the physical interface.
This has run fine for the last 3-4 years and it has only started happening right after upgrade to 7.4.3.
Index 73 is the physical interface. Index 56 is the ipsec interface.
Thanks for your feedback.
If you can share your configuration file, I will be able to reproduce it in the lab. If it can be reproduced and confirmed to be an issue, I will submit the bug to Dev for investigation. My email is: kmliu@fortinet.com. Thanks!
Thanks
Kangming
7.2.7 works fine.
We are planning to migrate all features that 7.4.X provides to a different hardware vendor that also provides those features.
Hi Aguerriero
I have tested your issue in my 2 FGT1101E. However, in my lab, I got the normal result, which was reported from 2 interfaces quite equally. You can check my picture in the attachment.
For your case, can you do this:
Step 1. Clear the counters on the 2 interfaces and check them with these commands:
diagnose netlink interface list port33 ! (Physical)
diagnose netlink interface list SNMP_Test ! (IPsec VPN)
diagnose netlink interface clear port33
diagnose netlink interface clear SNMP_Test
diagnose netlink interface list port33
diagnose netlink interface list SNMP_Test
Step 2. Get an snmpwalk or visualize them in PRTG/Cacti
Regards
Bill
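Added example, not part of the original thread and not Fortinet code: a plausibility check a poller could run on two successive samples of the counters discussed above, flagging an interval in which the IPsec interface's out-octet delta exceeds that of the physical interface carrying it. ifIndex 73 and 56 come from the thread; the counter values, the 60 s interval, the 40 Gbit/s speed, the 5 percent tolerance and the use of a 64-bit counter are assumptions, as is the premise that all tunnel traffic leaves through that one interface.

```python
# Added example (not from the thread): sanity-check out-octet deltas between two polls.
COUNTER64_MOD = 2 ** 64  # assumption: 64-bit ifHCOutOctets; pass 2**32 for ifOutOctets


def counter_delta(prev, curr, modulus=COUNTER64_MOD):
    """Octets sent between two samples, tolerating a single counter wrap."""
    return (curr - prev) % modulus


def utilization_pct(delta_octets, interval_s, speed_bps):
    """Average utilization over the poll interval, in percent."""
    return delta_octets * 8 * 100.0 / (interval_s * speed_bps)


def check_poll(prev, curr, interval_s, speed_bps,
               phys_idx=73, tun_idx=56, tolerance=1.05, modulus=COUNTER64_MOD):
    """Compare the tunnel's delta with the physical interface that carries it.

    prev and curr map ifIndex -> counter value. The tolerance absorbs the small
    skew between the moments the two counters are read.
    """
    phys = counter_delta(prev[phys_idx], curr[phys_idx], modulus)
    tun = counter_delta(prev[tun_idx], curr[tun_idx], modulus)
    tun_pct = utilization_pct(tun, interval_s, speed_bps)
    flags = []
    if tun > phys * tolerance:
        flags.append("tunnel_exceeds_physical")   # more octets than the carrier sent
    if tun_pct > 100.0:
        flags.append("tunnel_exceeds_line_rate")  # more than the link can carry
    return {
        "phys_pct": utilization_pct(phys, interval_s, speed_bps),
        "tun_pct": tun_pct,
        "flags": flags,
    }


# Constructed samples, keyed by the ifIndex values named in the thread.
PREV = {73: 1_000_000_000, 56: 500_000_000}
SPIKE = {73: 31_000_000_000, 56: 290_500_000_000}
NORMAL = {73: 31_000_000_000, 56: 28_500_000_000}

if __name__ == "__main__":
    for name, curr in (("spike", SPIKE), ("normal", NORMAL)):
        print(name, check_poll(PREV, curr, 60, 40_000_000_000))
```

A flagged interval is a reason to treat the utilization alert as suspect and compare it with the device-side counters from Step 1, not proof of where the fault lies.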
Hi Aguerriero,
It would be a big help if you could share your configuration with us. We can reproduce the issue in our lab the same way you have. My email is bhoang@fortinet.com. You can send it to me or Kangming. Thanks
Regards
Bill
Created on 04-10-2024 06:24 PM Edited on 04-10-2024 06:26 PM
Did you see my post before this? It wasn't on one of the 40G interfaces. It was 4x 10g interfaces in an LACP aggregate. The aggregate was the source of the ipsec tunnel.
The utilization reported just fine on the aggregate. The ipsec interface utilization is what reported high.
We moved the 1100E HA pair back to 7.2 on 3-21-2024 and there have been zero issues with SNMP utilization events since.
Hi Aguerriero,
I read your post carefully before testing it. Sometimes, just a minor configuration could trigger an issue. Therefore, it is a big help if you can share your configuration. If you cannot share it, we will still try to re-test it to find the issue. Thanks
Bill
Hi Aguerriero, We retested your case in Agg interfaces. The result from the IPsec tunnel vs. the Agg interface reported the same result for SNMP.
Do you have any special configuration in Aggregate Interface? What is your SPF type?
Thanks