Fortigate 3700 does not take aggregate member interfaces down when aggregate interface is disabled

Katoomba · ‎11-21-2024

I have a Fortigate 3700 with single mode fiber QSFP's installed. Several of those QSFP ports are configured in aggregates.

When I take the aggregate interface down, the member links stay up.

This is a problem, because the Fortigates are in HA pairs and link-failed-signal is enabled which is supposed to take down the HA monitored interfaces (on the primary that is moving to secondary mode) when a failover occurs. However, none of the aggregate member interfaces go down. Only "normal" interfaces go down.

I have tested aggregate behavior on a 60E HA pair and the aggregate member interfaces (copper gig ports) go down when an aggregate interface is taken down. This is the expected behavior.

Is this known behavior for the 3700? Why does the 3700 not take down the member interfaces when an aggregate is taken down?

The 3700 is running 7.2.8.

Katoomba

Jean-Philippe_P · ‎11-24-2024

Hello Katoomba,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team

DPadula · ‎11-24-2024

Hi Katoomba,

Have a look on the known issues section under the release notes for 7.2.8
https://docs.fortinet.com/document/fortigate/7.2.8/fortios-release-notes/236526/known-issues

Search for 882862 - On FortiGate 400F, 600F, 900G, 3200F, and 3700F models, LAG interface members are not shutting down when the remote end interface (one member in the LAG) is admin down.

If you look into the release notes of 7.4.4, the issue was solved (search for 882862).

https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/289806/resolved-issues

So basically you need to upgrade to 7.4.4, at least, to have the issue fixed.

In case the answer provided is a solution to you issue, mark it as solved to help other community members to find this topic.

Regards

DPadula

Katoomba · ‎11-24-2024

Thank you for researching the issue. The release notes you refer to...

882862 On FortiGate 400F, 600F, 900G, 3200F, and 3700F models, LAG interface members are not shutting down when the remote end interface (one member in the LAG) is admin down.

Does not appear to me to be the same issue as what I am reporting. What I see, is that shutting down the LAG interface does not shut down the member interfaces - locally. Which is different to problem the release notes discuss. However, it does seem that the release notes are pointing toward a problem that could be related to the localized behavior that I am seeing.

It would be nice if you could actually test the behavior that I am reporting, confirm it, and then report it internally as a different issue. Any chance of that happening or do you consider that you've taken this as far as you can?

Many thanks.

Katoomba

DPadula · ‎11-24-2024

I did a quick look into other known issues and there is a chance to have a BUG ID for the issue reported by you. To proper confirm that is better to have someone allocated. You will need to raise a ticket under the support portal or via phone so an engineer will be assigned to your case.

My suggestion to you is to upgrade to the latest version first (7.4.5 or 7.2.10 - mature versions) then raise a ticket, so the engineer in charge of the case can contact the engineering team directly saving a lot of time from both sides.

Regards

DPadula

Katoomba · ‎11-24-2024

OK, thank you for your assistance. I am not able to upgrade the version due to internal organization policies. But I will raise a ticket anyway.

Katoomba

Fortigate 3700 does not take aggregate member interfaces down when aggregate interface is disabled

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website