Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bhoot960
New Contributor

Created on ‎03-13-2025 01:43 PM

Fortinet Crash - 7.4.7

Recently upgraded my firewall fleet (about 15 60f's, 2 100f's)

We're experiencing a crash of some sort every 2-4 days.

Of course a ticket has been opened and they're working it, albeit very very slowly. Pretty disappointed in their lack of urgency and overall continued lack of code quality.

The crash debug logs from the console session has:

NP6XLITE: __np6xlite_tunmgr_write:61 timeout

Not sure if anyone has seen this or knows anything about this issue ---- we're experiencing a high impact when this crash occurs, of course.

10.0.0.0.1 192.168.1.254
10.0.0.0.1 192.168.1.254
Labels:
974
0 Kudos
7 REPLIES 7
AEK
SuperUser
SuperUser

Created on ‎03-15-2025 04:25 AM

As a troubleshooting step you may try disable the np6xlite processors for a couple of days just to see the behavior.

https://docs.fortinet.com/document/fortigate/7.4.7/hardware-acceleration/246096

Do it for every processor id.

This may add load to your CPU, so you need to monitor your CPU while the NP processors are disabled.

AEK
AEK
930
SChundandavida
New Contributor

Created on ‎03-17-2025 09:55 AM

We are also experiencing the similar issues, every 2-3 days the active primary gets restarted ever since upgrade to 7.4.7.

the last reboot reason shows as power cycle

system events in the device shows "Fortigate had experienced an unexpected power off!"
Comlog log says as below (https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-the-COMLog-feature/ta-p/195390)
Kernel panic - not syncing: Fatal exception in interrupt
Rebooting in 5 seconds..

873
Kangming
Staff
Staff

Created on ‎03-17-2025 02:23 PM

Customer Facing Description High CPU peak issue after upgrading to versions higher than the following ones:
7.0.16, 7.0.17, 7.2.11, 7.4.6 or 7.4.7
    Workaround To disable IPsec phase1 npu-offload during the maintenance window

FW1 #config vpn ipsec phase1-interface
FW1 (phase1-interface) # edit <Phase1 Name>
FW1 # set npu-offload disable
FW1# end
    Trigger Condition np6xlite(soc4), np6lite(soc3) and np7lite(soc5) can all be affected.

Thanks

Kangming

843
0 Kudos
SecrIT
New Contributor

Created on ‎03-17-2025 03:20 PM

Hopefully Fortinet finds and resolves the bug as more and more customers of ours are running into this bug and forcing us to take the devices out of production and revert to previous vendors gear.

820
0 Kudos
Kangming
Staff
Staff
In response to SecrIT

Created on ‎03-18-2025 11:21 AM

Dear customer, Our dev has investigated and made a code fix, which is expected to be resolved in the next GA version. I've reported your situation to the Dev and QA teams thanks for your feedback.

Thanks

Kangming

743
SChundandavida
New Contributor
In response to Kangming

Created on ‎03-19-2025 04:22 AM

Thanks, what is the tentative date set for next release?

680
0 Kudos
Kangming
Staff
Staff
In response to SChundandavida

Created on ‎03-19-2025 09:53 AM Edited on ‎03-19-2025 04:32 PM

Hi 

It may be expected to be released next month. Please consult the TAC/SE team for details.

Thanks

Kangming

648
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.