Hey guys. I am an FGT90G owner.
I have tested firmware 7.0.12, 7.0.13, 7.0.14, 7.0.15.
1. On all firmware there is a problem with Traffic Shaping Policies.
I have configured a few rules in Traffic Shaping Policies. The network works fine, but after a few hours, all traffic that matches these rules stops working. After that, I disable the rules in Traffic Shaping Policies and my network works again.
If I re-enable the rule in Traffic Shaping Policies, the network does not work.
In the logs I see errors - Session time out.
The problem is solved only after rebooting the FortiGate.
But on firmware 7.0.12, if you turn off the rules in Traffic Shaping Policies and turn on the shaper in Firewall Policies, the Network works without problems. (26.07.2024 - The problem returns if I make changes in Trafic Shaper. Solution: Reboot the FortiGate)
2. Second problem.
It is only present in versions 7.0.13, 7.0.14, 7.0.15.
I have 29 routers of Zyxel usg-20-vpn connected to FGT90G as Dial-Up IpSEC.
After rebooting the FGT90G or Zyxel, no access to the internal network of some Zyxel.
After entering the command "get router info routing-table all ", I see:
S 10.1.51.0/24 [15/0] via Vpn-Ike2-Tun_KT tunnel 10.0.0.22, [1/0]
[15/0] via Vpn-Ike2-Tun_NL tunnel 44.7.263.77
But PING to 10.1.51.0/24 doesn't work.
I enter the command: "diagnose vpn tunnel flush"
After that I can see the network 10.1.51.0
After entering the command "get router info routing-table all ", I see:
S 10.1.51.0/24 [15/0] via Vpn-Ike2-Tun_KT tunnel 44.7.263.77, [1/0]
This problem is not present on firmware 7.0.12.
Hi @d_konyayev,
For both issues, it will be useful to collect debug flow when the issue is happening. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
Thank you for your reply.
I had problems for a month after installing the FG90G.
I have now fixed them. I don't want to leave my company without stable connection anymore.
I will wait for the new firmware version, if there are problems on it, then I will post here.
p.s.
There was also a big problem with packet loss in VPN IPSEC tunnels. It was solved by disabling "npu offload" in "config vpn ipsec phase1-interface".
But this problem is between Zyxel and FortiGate 90G, so I didn't describe it in the first post.
Hello d_konyayev do you still have problems with traffic shaping? What was your solution?
Maybe we have a customer with the same problem. He have problems with MS Teams. On some clients the application dont get a network connection.
Hello.
1. I downgraded the firmware version to 7.0.12.
2. I enable shaper in firewall policies
3. After enabling traffic shaper in policies, make sure to reboot fortigate.
4. If I make any changes to the Traffic Shaper without rebooting fortigate, the problem returns.
Hello friends.
I updated the firmware to version 7.2.9
The problem with the traffic shaper was not solved.
For the experiment, I created a policy that limits TikTok and Instagram.
Everything worked fine, but after a day, traffic to TikTok and Instagram stopped working.
When I disable the rule in Traffic Shaper, I also get access to Instagram and TikTok. If I enable the rule again, the resources stop working.
If I create any new rule, for example, limit the speed of traffic from my computer to the Internet, then my computer will immediately lose access to the Internet. If I disable this rule, the Internet will turn on.
The problem is solved only by rebooting FortiGate.
A day later, the problem repeats.
But if I enable bandwidth limitation in the firewall policies, then reboot FortiGate, the traffic will not be blocked for many days. The problem will return when I change any settings related to bandwidth limitation. And I will have to reboot fortigate again.
This is very bad and I want Forti to solve this problem.
Hi @d_konyayev , thank you for your reply. We can reproduce the problem on our FGT90G. Do you open a support ticket?
Hello friend. I updated to version 7.4.5
This version does not have this problem.
Thank you @d_konyayev for your feedback.
I will discuss this with my customer and maybe try it out.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.