Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
forti123
New Contributor

Created on ‎09-11-2023 03:58 PM

Fortigate 401F Stop Working

Hi all,

 

i am facing one of the strange issue with FortiGate 401F model it run Firmware Version 7.0.12.

 

suddenly sometimes this FortiGate stop working even i can not access internal corporate subnets and internet but when i am checking 8.8.8.8 from FortiGate firewall Console i can reach to 8.8.8.8 but client can not ping 8.8.8.8 and can't brows to the internet.

i was opened TT with FortiGate Tach still they are also looking for this issue this issue happen sometime in a week two times and sometime in a month.

 

i troubleshoot allot and check the internal network after troubleshooting the last thing which i did it was i configure on of the physical port of the FortiGate to check and allow that test subnet to internet for testing purpose when this issue happen i connect my laptop direct to that test port but i had no internet so due to that i figure out that issue is with FortiGate firewall  becouse  even direct from FortiGate i dont had internet, during this period of time even i can not reach my internal subnets as well, it down the functioning for 5 minuets after 5 minuets everting coming up and working.

 

any one else had the same issue.

 

looking forward for your nice comments on this.

Labels:
287
0 Kudos
3 REPLIES 3
srajeswaran
Staff
Staff

Created on ‎09-11-2023 10:15 PM

Can you check if the system was entering conserve mode during the time of issue using "diag debug crashlog read"

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

248
0 Kudos
hbac
Staff
Staff

Created on ‎09-12-2023 06:28 AM

Hi @forti123,

 

As Suraj suggested, you can check if there were crashes or not. Additionally, you can run a debug flow while pinging across the internal network or to the Internet to see the traffic flow. Below are debug flow commands. You can replace IP address with a destination IP. 

 

di deb disable
di deb res
diagnose debug flow filter clear
di deb flow filter addr 10.0.2.5
di deb flow filter proto 1
diagnose debug flow show function-name enable
di deb flow show iprope en
diagnose debug console timestamp enable
diagnose debug flow trace start 500
diagnose debug enable

 

- Run 'di deb dis' to disable the debug. 

 

Regards, 

232
0 Kudos
VinayHM
Staff
Staff

Created on ‎09-12-2023 09:17 PM

Hi @forti123 

 

You can check quickly memory utilization by the command or in the dashboard gui

#get system performance status 

 

If memory is normal, when the issue happens then we need to take traffic debug.

 

Regards,

Vinay HM
215
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.