tnxxxx59
New Contributor II

Fortigate Interface Disconnected Frequency

Dear All,

 

I have a strange problem. I have 2 FortiGates running HA (A-P) and 2 internet connections (internet leased lines).

Line 01 is working well, but line 2 flaps down for around 30 seconds, at an interval of ~30 minutes. While this happens, I cannot ping this public IP address from outside, and also cannot ping the internet using this source IP.

 

Between the FWs and the ISP, I have switches to share the internet line. I checked for packet drops on the switch and did not see any dropped-packet stats.

(FW FGT  <--> SW L2 <--> ISP)

Has anyone seen the same problem?

 

Thank you!

funkylicious
SuperUser

Hi,
In the logs on the FW and the SW, what do you see about the interface in question when it flaps?

"jack of all trades, master of none"
tnxxxx59

Hi @funkylicious 

I checked the logs and saw a link-monitor warning: link down (cannot ping 8.8.8.8).

Screenshot 2025-01-06 142641.png

 

The FW interface has a static IP and I have a default gateway.

I tried tcpdump (diagnose) on the FW, and saw that when it happens, the FW can send ICMP packets out (ICMP request) but there is no ICMP reply.

Screenshot 2025-01-06 143423.png

And I cannot ping my public IP from outside, but I can ping the public GW (ISP).

 

On the switches, I checked whether packets were dropped or not, and saw no packet drops.

 

funkylicious

In this case, I would contact the ISP for line02 and ask them if they are having issues with this service, and for an RFO/ETR.

 

L.E.

Based on the link-monitor logs, the configured monitor towards the destination is not always fulfilled/reachable. You might need to also take a look at the config of the link-monitor so that it is not too 'aggressive' in interval. I think that public servers like 8.8.8.8 and others have implemented some restrictions in the recent past, and it might be a false positive if the interval is too short.

"jack of all trades, master of none"
dingjerry_FTNT

Hi @tnxxxx59 ,

 

It seems that you checked the HA logs. Please check the System Event logs.

Regards,

Jerry
tnxxxx59

Hi @dingjerry_FTNT

I checked the HA log and saw it is normal.

The system event log has an alarm of port disconnected, because the link monitor is dead, as I showed above.

 

I called the ISP, and they confirmed there is no problem on their side. I guess this is a bug in OS 7.4.4, because I also have another FortiGate FW (only one, no HA, running OS 7.2.10) connected to the same SW; I assigned it an IP address in the same range from the ISP and set up a link monitor to the same IP, and there is no issue.

 

FW (HA)  <---> SW <--> ISP
                |
Test FW  <----->|

What do you think?

 

funkylicious

Can you post the link-monitor configuration of the problematic FW?

"jack of all trades, master of none"
tnxxxx59

Hi @funkylicious 

This is the link-monitor config:

-----------------------------

config system link-monitor
    edit "Check-ISP1"
        set srcintf "x3"
        set server "8.8.8.8"
        set gateway-ip <ISP1 public IP>   <-- this is correct, I am sure
        set source-ip <Public IP of x3 port>
        set interval 8000
        set probe-timeout 3000
        set recoverytime 3
        set probe-count 15
    next
end

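To make the interval/timeout trade-off discussed above concrete, here is an added example (not FortiGate code, and not from any poster) that models link-monitor probe hysteresis with the posted values. It assumes one probe per `interval`, a probe counted as failed when no reply arrives within `probe-timeout`, the link declared dead after `failtime` consecutive failures and alive again after `recoverytime` consecutive successes; `failtime` is not in the posted config, so 5 is assumed as the default.

```python
"""Toy model of link-monitor dead/alive hysteresis (added example, not FortiOS)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class LinkMonitor:
    interval_ms: int = 8000        # from the posted config
    probe_timeout_ms: int = 3000   # from the posted config
    failtime: int = 5              # assumed default; not in the posted config
    recoverytime: int = 3          # from the posted config


def min_outage_to_trip_ms(mon: LinkMonitor) -> int:
    """Shortest reply blackhole that spans `failtime` consecutive probes:
    from the first unanswered probe until the last one times out."""
    return (mon.failtime - 1) * mon.interval_ms + mon.probe_timeout_ms


def simulate(mon: LinkMonitor, rtts_ms: List[Optional[int]]) -> List[Tuple[int, str]]:
    """rtts_ms: one entry per probe, the reply RTT in ms or None for no reply
    (constructed input). Returns (send_time_ms, 'dead'|'alive') transitions."""
    alive = True
    fails = succ = 0
    events: List[Tuple[int, str]] = []
    for i, rtt in enumerate(rtts_ms):
        t = i * mon.interval_ms
        ok = rtt is not None and rtt <= mon.probe_timeout_ms
        if ok:
            succ, fails = succ + 1, 0
        else:
            fails, succ = fails + 1, 0
        if alive and fails >= mon.failtime:
            alive, succ = False, 0
            events.append((t, "dead"))
        elif not alive and succ >= mon.recoverytime:
            alive, fails = True, 0
            events.append((t, "alive"))
    return events


if __name__ == "__main__":
    mon = LinkMonitor()
    # Constructed: 3 good probes, 5 unanswered, 3 good -> dead at 56 s, alive at 80 s.
    print(simulate(mon, [100, 100, 100, None, None, None, None, None, 100, 100, 100]))
    # A single rate-limited reply from 8.8.8.8 never trips the monitor with these values.
    print(simulate(mon, [100, None, 100, None, 100]))
    # A 500 ms interval/timeout would trip on a blackhole of only 2.5 s.
    print(min_outage_to_trip_ms(LinkMonitor(interval_ms=500, probe_timeout_ms=500)))
```

The model shows that with the posted values a blackhole must last about 35 seconds to be declared dead, and recovery takes recoverytime × interval = 24 seconds, which is close to the ~30 second outages reported; a far shorter interval would make isolated unanswered probes much more likely to be counted as a real outage.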
funkylicious

Also, the output of diagnose sys link-monitor status?

"jack of all trades, master of none"
tnxxxx59

Hi @funkylicious 

 

This is the diag status:

Screenshot 2025-01-10 090941.png
