Dear All,
I have a strange problem. I have 2 FortiGates running HA (A-P), and 2 internet connections (internet leased lines).
Line 01 is working well, but line 02 flaps down for around 30 seconds, at an interval of ~30 minutes. While this happens, I cannot ping this public IP address from outside, and also cannot ping the internet using this source IP.
Between the FWs and the ISP, I have switches to share the internet line. I checked packet drops on the switch and did not see any dropped-packet stats.
(FW FGT <--> SW L2 <--> ISP)
Have any of you seen the same problem?
Thank you!
Hi,
In the logs on the FW and SW, what do you see about the interface in question when it flaps?
I checked the logs and saw a link-monitor warning: link down (cannot ping 8.8.8.8).
The FW interface has a static IP and I have a default gateway.
I tried tcpdump (diagnose) on the FW, and saw that when it happens, the FW can send ICMP packets out (ICMP request) but gets no ICMP reply.
And I cannot ping my public IP from outside, but can ping the public GW (ISP).
On the switches, I checked whether packets were dropped or not, and saw no packet drops.
Created on 01-05-2025 11:53 PM Edited on 01-05-2025 11:59 PM
In this case, I would contact the ISP for line 02 and ask them whether they are having issues with this service, and for an RFO/ETR.
L.E.
Based on the link-monitor logs, the configured monitor towards the destination is not always fulfilled/reachable. You might also need to take a look at the link-monitor config so the interval is not too 'aggressive'. I think public servers like 8.8.8.8 and others have implemented some restrictions in the recent past, and it might be a false positive if the interval is too short.
Hi @tnxxxx59 ,
It seems that you checked the HA logs. Please check the System Event logs.
Created on 01-09-2025 02:38 AM Edited on 01-09-2025 02:41 AM
Hi @dingjerry_FTNT,
I checked the HA log, and saw it is normal.
The system event log has an alarm of port disconnected, because the link monitor is dead,
as I showed above.
I called the ISP, and they confirmed there is no problem on their side. I guess this is a bug in OS 7.4.4, because I also have another FortiGate FW (only one, no HA, running OS 7.2.10) connected to the same SW; I assigned an IP address in the same range from the ISP and set up a link monitor to the same IP, and there is no issue.
FW (HA) <---> SW <--> ISP
               |
Test FW <----> |
What do you think?
Can you post the link-monitor configuration of the problematic FW?
Created on 01-09-2025 02:52 AM Edited on 01-09-2025 02:53 AM
This is the link-monitor config:
-----------------------------
config system link-monitor
    edit "Check-ISP1"
        set srcintf "x3"
        set server "8.8.8.8"
        set gateway-ip <ISP1 public IP>   <-- this is correct, I am sure
        set source-ip <Public IP of x3 port>
        set interval 8000
        set probe-timeout 3000
        set recoverytime 3
        set probe-count 15
    next
end
-----------------------------
Also, what about the output of diagnose sys link-monitor status?
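The thread turns on what the posted link-monitor values mean in seconds, and on the earlier point that a too-aggressive interval produces false-positive downs. The following is an added Python model, not code from the thread or from Fortinet: it parses a constructed copy of the posted config (RFC 5737 documentation addresses stand in for the redacted public IPs), computes how long replies must be missing before the monitor declares the link down and how long they must flow before it recovers, and replays a 10-second transient loss against both the posted cadence and the default 500 ms cadence. The FortiOS defaults used for keys the post did not set (in particular failtime 5), and the reading of probe-count as a latency/jitter statistics window that does not affect the up/down decision, are assumptions to verify on the unit with show full-configuration system link-monitor.

```python
"""Model of the FortiGate link-monitor up/down state machine.

Added example; not code from the forum thread or from Fortinet. It follows
the documented meaning of the `config system link-monitor` keys: a probe is
sent every `interval` ms, counts as failed when no reply arrives within
`probe-timeout` ms, the monitor goes DOWN after `failtime` consecutive
failures and returns UP after `recoverytime` consecutive successes.
Assumptions to verify on the unit (`show full-configuration system
link-monitor`): the DEFAULTS below for keys the post did not set, and that
`probe-count` is only the window for latency/jitter statistics and does not
influence the up/down decision.
"""
import math
import re

# Constructed copy of the posted config; the public IPs are RFC 5737
# documentation addresses standing in for the redacted values.
POSTED_CONFIG = """
config system link-monitor
    edit "Check-ISP1"
        set srcintf "x3"
        set server "8.8.8.8"
        set gateway-ip 203.0.113.1
        set source-ip 203.0.113.10
        set interval 8000
        set probe-timeout 3000
        set recoverytime 3
        set probe-count 15
    next
end
"""

# FortiOS 7.x defaults for keys the post did not set (assumption, see above).
DEFAULTS = {"interval": 500, "probe-timeout": 500, "failtime": 5,
            "recoverytime": 5, "probe-count": 30}


def parse_link_monitor(text):
    """Return {monitor name: {key: value}}; numeric values become int and
    keys absent from the text are filled from DEFAULTS."""
    monitors, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r'edit\s+"?([^"]+)"?\s*$', line):
            current = dict(DEFAULTS)
            monitors[m.group(1)] = current
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(.+)", line)):
            key, val = m.group(1), m.group(2).strip().strip('"')
            current[key] = int(val) if val.isdigit() else val
        elif line == "next":
            current = None
    return monitors


def seconds_to_down(cfg):
    """Worst case from the first unanswered probe to the DOWN event: failtime
    probes must fail, each costing one interval except the last, which only
    has to wait out probe-timeout."""
    return ((cfg["failtime"] - 1) * cfg["interval"] + cfg["probe-timeout"]) / 1000


def seconds_to_up(cfg):
    """From the first answered probe to the UP event: recoverytime answered
    probes spaced one interval apart."""
    return (cfg["recoverytime"] - 1) * cfg["interval"] / 1000


def simulate(cfg, replies):
    """Run the state machine over probe results (True = reply received).
    Returns (states, flaps): states[i] is the state after probe i, flaps is
    the number of UP->DOWN transitions."""
    state, fails, oks, states, flaps = "up", 0, 0, [], 0
    for ok in replies:
        if ok:
            fails, oks = 0, oks + 1
            if state == "down" and oks >= cfg["recoverytime"]:
                state = "up"
        else:
            oks, fails = 0, fails + 1
            if state == "up" and fails >= cfg["failtime"]:
                state, flaps = "down", flaps + 1
        states.append(state)
    return states, flaps


def outage_pattern(cfg, outage_s, before=3, after=10):
    """Probe results for a transient loss of outage_s seconds: every probe
    sent during the outage goes unanswered."""
    lost = math.ceil(outage_s * 1000 / cfg["interval"])
    return [True] * before + [False] * lost + [True] * after


if __name__ == "__main__":
    posted = parse_link_monitor(POSTED_CONFIG)["Check-ISP1"]
    # Same monitor with the default probe cadence, i.e. 16x more aggressive.
    aggressive = dict(posted, **{"interval": 500, "probe-timeout": 500})
    for label, cfg in (("posted", posted), ("aggressive", aggressive)):
        _, flaps = simulate(cfg, outage_pattern(cfg, outage_s=10))
        print(f"{label:10s} DOWN after {seconds_to_down(cfg):4.1f}s of loss, "
              f"UP after {seconds_to_up(cfg):4.1f}s of replies, "
              f"10s transient loss -> {flaps} flap(s)")
```

With the posted values and the assumed failtime of 5, the model needs about 35 s of unanswered probes before it logs the link down and about 16 s of answered probes before it recovers; a 10 s transient loss causes no flap at the posted 8 s cadence but one flap at the default 500 ms cadence, which is the false-positive case described earlier in the thread. One caveat when reading the symptoms: with update-static-route left at its default of enable, a DOWN event also withdraws the static routes on that interface, so traffic sourced from that interface failing while the monitor is dead is expected monitor behaviour, not extra evidence about the line itself.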
Copyright 2025 Fortinet, Inc. All Rights Reserved.