Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
d_konyayev
New Contributor

Created on ‎06-27-2024 11:10 PM Edited on ‎06-28-2024 12:49 AM

Fortigate 90G firmware Bugs

Hey guys. I am an FGT90G owner.
I have tested firmware 7.0.12, 7.0.13, 7.0.14, 7.0.15.
1. On all firmware there is a problem with Traffic Shaping Policies.
I have configured a few rules in Traffic Shaping Policies. The network works fine, but after a few hours, all traffic that matches these rules stops working. After that, I disable the rules in Traffic Shaping Policies and my network works again.
If I re-enable the rule in Traffic Shaping Policies, the network does not work.

In the logs I see errors - Session time out.

TimeOut.jpg


The problem is solved only after rebooting the FortiGate.

But on firmware 7.0.12, if you turn off the rules in Traffic Shaping Policies and turn on the shaper in Firewall Policies, the Network works without problems. 

Policy.jpg

 

 

2. Second problem.
It is only present in versions 7.0.13, 7.0.14, 7.0.15.
I have 29 routers of Zyxel usg-20-vpn connected to FGT90G as Dial-Up IpSEC.
After rebooting the FGT90G or Zyxel, no access to the internal network of some Zyxel.
After entering the command "get router info routing-table all ", I see:
S 10.1.51.0/24 [15/0] via Vpn-Ike2-Tun_KT tunnel 10.0.0.22, [1/0]
[15/0] via Vpn-Ike2-Tun_NL tunnel 44.7.263.77

Screenshot_1.jpg

 

But PING to 10.1.51.0/24 doesn't work.
I enter the command: "diagnose vpn tunnel flush"
After that I can see the network 10.1.51.0
After entering the command "get router info routing-table all ", I see:
S 10.1.51.0/24 [15/0] via Vpn-Ike2-Tun_KT tunnel 44.7.263.77, [1/0]

This problem is not present on firmware 7.0.12.

 

Labels:
199
0 Kudos
2 REPLIES 2
hbac
Staff
Staff

Created on ‎06-28-2024 09:11 AM

Hi @d_konyayev,

 

For both issues, it will be useful to collect debug flow when the issue is happening. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

151
0 Kudos
d_konyayev
New Contributor
In response to hbac

Created on ‎06-30-2024 09:02 PM

Thank you for your reply.
I had problems for a month after installing the FG90G.
I have now fixed them. I don't want to leave my company without stable connection anymore.
I will wait for the new firmware version, if there are problems on it, then I will post here.
p.s.
There was also a big problem with packet loss in VPN IPSEC tunnels. It was solved by disabling "npu offload" in "config vpn ipsec phase1-interface".
But this problem is between Zyxel and FortiGate 90G, so I didn't describe it in the first post.

62
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.