Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
d_konyayev
New Contributor II

Created on ‎06-27-2024 11:10 PM Edited on ‎07-25-2024 11:33 PM

Fortigate 90G firmware Bugs

Hey guys. I am an FGT90G owner.
I have tested firmware 7.0.12, 7.0.13, 7.0.14, 7.0.15.
1. On all firmware there is a problem with Traffic Shaping Policies.
I have configured a few rules in Traffic Shaping Policies. The network works fine, but after a few hours, all traffic that matches these rules stops working. After that, I disable the rules in Traffic Shaping Policies and my network works again.
If I re-enable the rule in Traffic Shaping Policies, the network does not work.

In the logs I see errors - Session time out.

TimeOut.jpg


The problem is solved only after rebooting the FortiGate.

But on firmware 7.0.12, if you turn off the rules in Traffic Shaping Policies and turn on the shaper in Firewall Policies, the Network works without problems. (26.07.2024 - The problem returns if I make changes in Trafic Shaper. Solution: Reboot the FortiGate)

 

Policy.jpg

 

 

2. Second problem.
It is only present in versions 7.0.13, 7.0.14, 7.0.15.
I have 29 routers of Zyxel usg-20-vpn connected to FGT90G as Dial-Up IpSEC.
After rebooting the FGT90G or Zyxel, no access to the internal network of some Zyxel.
After entering the command "get router info routing-table all ", I see:
S 10.1.51.0/24 [15/0] via Vpn-Ike2-Tun_KT tunnel 10.0.0.22, [1/0]
[15/0] via Vpn-Ike2-Tun_NL tunnel 44.7.263.77

Screenshot_1.jpg

 

But PING to 10.1.51.0/24 doesn't work.
I enter the command: "diagnose vpn tunnel flush"
After that I can see the network 10.1.51.0
After entering the command "get router info routing-table all ", I see:
S 10.1.51.0/24 [15/0] via Vpn-Ike2-Tun_KT tunnel 44.7.263.77, [1/0]

This problem is not present on firmware 7.0.12.

 

Labels:
1708
0 Kudos
6 REPLIES 6
hbac
Staff
Staff

Created on ‎06-28-2024 09:11 AM

Hi @d_konyayev,

 

For both issues, it will be useful to collect debug flow when the issue is happening. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

1659
d_konyayev
New Contributor II
In response to hbac

Created on ‎06-30-2024 09:02 PM

Thank you for your reply.
I had problems for a month after installing the FG90G.
I have now fixed them. I don't want to leave my company without stable connection anymore.
I will wait for the new firmware version, if there are problems on it, then I will post here.
p.s.
There was also a big problem with packet loss in VPN IPSEC tunnels. It was solved by disabling "npu offload" in "config vpn ipsec phase1-interface".
But this problem is between Zyxel and FortiGate 90G, so I didn't describe it in the first post.

1570
0 Kudos
Imperlin
New Contributor II

Created on ‎07-21-2024 11:57 PM

Hello d_konyayev do you still have problems with traffic shaping? What was your solution?

Maybe we have a customer with the same problem. He have problems with MS Teams. On some clients the application dont get a network connection.

1275
0 Kudos
d_konyayev
New Contributor II
In response to Imperlin

Created on ‎07-22-2024 09:40 AM

Hello.
1. I downgraded the firmware version to 7.0.12.
2. I enable shaper in firewall policies
3. After enabling traffic shaper in policies, make sure to reboot fortigate.
4. If I make any changes to the Traffic Shaper without rebooting fortigate, the problem returns.

1254
0 Kudos
d_konyayev
New Contributor II

Created on ‎08-23-2024 05:38 AM

Hello friends.
I updated the firmware to version 7.2.9
The problem with the traffic shaper was not solved.
For the experiment, I created a policy that limits TikTok and Instagram.

2.jpg
Everything worked fine, but after a day, traffic to TikTok and Instagram stopped working.
When I disable the rule in Traffic Shaper, I also get access to Instagram and TikTok. If I enable the rule again, the resources stop working. 

1.jpg

3.jpg

If I create any new rule, for example, limit the speed of traffic from my computer to the Internet, then my computer will immediately lose access to the Internet. If I disable this rule, the Internet will turn on.

The problem is solved only by rebooting FortiGate.
A day later, the problem repeats.
But if I enable bandwidth limitation in the firewall policies, then reboot FortiGate, the traffic will not be blocked for many days. The problem will return when I change any settings related to bandwidth limitation. And I will have to reboot fortigate again.

This is very bad and I want Forti to solve this problem.

739
0 Kudos
d_konyayev
New Contributor II

Created on ‎08-25-2024 10:15 PM Edited on ‎08-25-2024 10:32 PM

https://youtu.be/_MwJDnRvXjA -  Example of a problem 

 

 

677
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.