Fortigate Interface Disconnected Frequency

tnxxxx59 · ‎01-05-2025

Dear All,

I have strange trouble, I have 2 Fortigate running HA (A-P), and have 2 internet connected (internet leased line).

Line 01 is working well, but line 2 , its flap down around 30 seconds, interval ~ 30 minutes. During this happened, I can not ping from outside to this public IP address, and also can not ping to internet use this Source IP.

Between FWs and ISP, I have switches to share internet line. I checked packet drop on the switch, and did not see drop packet stats.

(FW FGT <--> SW L2 <--> ISP)

Are there any you guys see same problem ?

Thank you !

funkylicious · ‎01-05-2025

Hi,
In the logs on the FW and SW, what do you see in the logs about the interface in question when it flaps?

"jack of all trades, master of none"

tnxxxx59 · ‎01-05-2025

Hi @funkylicious

I check loged and see link-monitor warned : link down (can not ping to 8.8.8.8)

FW interface has static ip and I have default gateway.

I try tcpdump (diagnose) in FW, and see when it happen, FW can sent packet icmp out (icmp request) but no icmp reply.

Screenshot 2025-01-06 143423.png

And I can not ping from outsite to my public ip, but can ping public GW (ISP)

In switches, I checked whether packet dropped or not, and see no packet drop.

funkylicious · ‎01-05-2025

In this case, I would contact the ISP for line02 and ask them if they are having issues for this service and RFO/ETR.

L.E.

Based on the link-monitor logs, the configured monitor towards the destination is not always fulfilled/reachable. You might need to also take a look at the config of the link-monitor to not be too 'aggresive' in interval. I think that public servers like 8.8.8.8 and others have implemented in the recent past some restrictions and might be a false positive if it's a too short interval.

"jack of all trades, master of none"

dingjerry_FTNT · ‎01-06-2025

Hi @tnxxxx59 ,

It seems that you checked the HA logs. Please check the System Event logs.

Regards,

Jerry

tnxxxx59 · ‎01-09-2025

Hi @dingjerry_FTNT,

I checked HA log , and saw it is normal.

System event log has alarm of port disconnected, Because , link monitor is dead.

as I shown above.

I call ISP , and they comfirmed no problem on their side, I guess that this bug of OS 7.4.4. Because, I also have another FortiGate FW (only one, no HA, runnning OS 7.2.10) connected to the same SW and I assigned IP address in same range of the ISP, and set up link monitor to same IP, there are no issue.

FW (HA) <---> SW <--> ISP

|

Test FW <----> |

How do you think ?

funkylicious · ‎01-09-2025

Can you post the link-monitor configuration of the problematic FW ?

"jack of all trades, master of none"

tnxxxx59 · ‎01-09-2025

Hi @funkylicious

this is link-monitor config:

-----------------------------

config system link-monitor
edit "Check-ISP1"
set srcintf "x3"
set server "8.8.8.8"
set gateway-ip <ISP1 public IP> <-- this is correct i am sure
set source-ip <Public IP of x3 port>
set interval 8000
set probe-timeout 3000
set recoverytime 3
set probe-count 15
next

funkylicious · ‎01-09-2025

also for, diagnose sys link-monitor status ?

"jack of all trades, master of none"

tnxxxx59 · ‎01-09-2025

Hi @funkylicious

this is diag status:

Screenshot 2025-01-10 090941.png

Fortigate Interface Disconnected Frequency

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website