Hello
We are having a really strange issue with our Fortigate 600c. The unit will go to "sleep", usually during the night sometime but the past week it has happened a few times a day, and the campus will loose internet access. As soon as somebody tries to access the unit, you don't even seem to have to log in, it will "wake" back up and usually works for a few hours before having the same issue. Its really odd, I don't see anything in the logs and since the unit starts working as soon as you web in, it makes it very hard to troubleshoot because it is always working when we are logged into it.
Cheers!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Have you tried SSH access and/or console - needs a terminal server for remote access - while it's "sleeping"? Did it still wake up?
I have not tried that, next time it goes down today I will give it a whirl. I am really hoping it is not a hardware fault. We are currently on Firmware v5.2.9, build736.
Yes it worked, when I terminal into the unit it also starts working. So basically it seems to go to sleep until there is any access attempt what so ever. There is never anything in the logs though, it just turns into a brick or something.
The only thing that is in the logs is "DHCP Statistics", that shows up a few times from about 2 AM to about 7 AM each morning, I assume that has nothing to do with it. I have factory reset and re-applied the backed up config file, and it is still doing it. If I have to rebuild from scratch I am not sure how to reapply license files.
Does it log correctly while you're connected to it? That is, can you check the logs on disk and find normal traffic there, or are there no logs getting written even while you're connected?
Have you (after backing up logs to external device) run exec formatlogdisk? I've needed to do that for two different FortiGates after a firmware update.
How are you doing the terminal connection? If you use the actual console connection (serial cable adaptor) instead of SSH does that also wake it up? You could leave a (locked) laptop connected to the serial console port logging its output overnight. Or set it up to send logs to a syslog server.
Logging appears to be normal, when the unit is at fault and when it is working we get the usual logs. I just noticed going through the Forward traffic logs that when the unit is at fault clients keep making DNS requests over and over again and assumably failing. Every few seconds there will be a DNS forward in the logs (Action is "accept"). When the unit was down this morning I tried to ping a site by its IP and it did not work so I don't think its just DNS.
I have not run a formatlogdisk command, I will try that now.
I was using the console port with a laptop and that was waking the unit up. I will try your suggestion tonight cheers.
You don't have to log into it, just connecting to it without logging in makes it come online
Seems like an ARP issue..... Check the MAC addresses / ARP-Table on the Switch that connects to the FGT.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1094 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.