Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ShaileshMdr
New Contributor III

IPSec Tunnel Bandwidth Monitor Issue

Dear Team,

 

I am facing a strange issue with my IPSec tunnel interface.

When i am trying to add that tunnel in bandwidth monitor it shows that maximum interface bandwidth reached.

But when i see the widget it shows that the bandwidth monitor for this interface is disabled.

I have tried enabling bandwidth monitor for that VPN interface, when i do so it shows maximum interface bandwidth reached.

 

Please assist me in this.

Thanks 

Shailesh

VPN1.png

#nse4
#nse4
1 Solution
srajeswaran
Staff
Staff

As per the below article, the maximum number of interfaces to monitor are 25. Are you hitting this limit? Can you remove any other interface and check.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Maximum-number-of-interface-history-widget...

 

 

running the same debug suggested in above article will be helpful.

 

Verify if the maximum limit has been reached by running a debug:

##diag debug app forticron
#diag debug enable

                             <----- Add new interface widget.

Output will be:

Admin table has changed, updating interfaces for traffic history.
update_tr_history_intfs()-253: Maximum # of monitored interfaces reached. Failed to track new interface.
Please remember to disable the debug using "diag debug disable"
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

8 REPLIES 8
srajeswaran
Staff
Staff

As per the below article, the maximum number of interfaces to monitor are 25. Are you hitting this limit? Can you remove any other interface and check.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Maximum-number-of-interface-history-widget...

 

 

running the same debug suggested in above article will be helpful.

 

Verify if the maximum limit has been reached by running a debug:

##diag debug app forticron
#diag debug enable

                             <----- Add new interface widget.

Output will be:

Admin table has changed, updating interfaces for traffic history.
update_tr_history_intfs()-253: Maximum # of monitored interfaces reached. Failed to track new interface.
Please remember to disable the debug using "diag debug disable"
Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
ShaileshMdr

Hello Suraj,

 

I can confirm that i am not hitting the 25 limit.

Also when I try to remove an existing bandwidth monitor and add that particular IPSec tunnel it still says the same thing, but when i add and interface monitor of other interface i can do so successfully.

 

Reagrds

Shailesh

#nse4
#nse4
srajeswaran

Hello Shailesh,

 

Can you collect the debug as suggested in the article, it may give us some clue.

 

#diag debug app forticron
#diag debug enable

Add the widget and then disable the debug and share the output

 

Thanks,

Suraj

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
ShaileshMdr

Hello Suraj,

I have resolved my issue. After I ran multiple tests on my R&D device I learnt that when fortinet meant MAX 25 BW monitoring interface they meant 25 shared amongst all the administrators, Initially I had mistaken it for 25 per administrator. So I removed the BW monitor interfaces from other administrators and it worked.

Thanks for the solutions.

 

Reagards 

Shailesh

 

#nse4
#nse4
srajeswaran

Glad to hear that. Thanks for sharing the details.

 

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
DCX_Dezso

Hi,

 

Would you mind sharing how you managed to do that? I would assume in the cli somehow. I just can't find the config.
Perhaps I'm not looking hard enough, but this will be a great help.

 

Regards

Dezso Schaap
Dezso Schaap
ShaileshMdr

Hello Dezso,

 

So how this works is suppose Admin 1 has port1 to port25 interfaces in his/her dashboard monitored and now if  Admin 1 wants to add another interface lets say port26 they will not be able to do so. Now if there is another Admin 2, he/she is allowed to add the interfaces that Admin1 already has i.e. from port1 to port25 but will not be allowed to monitor port26 same case as for Admin 1. Now if Admin 2 or Admin 1 wants to monitor port26 then both Admin 1 and Admin 2 must remove any 1 already monitoring interface (lets say port 25) then only will both the admin 1&2 be allowed to monitor port26.

 

Reagards

Shailesh

#nse4
#nse4
DCX_Dezso

Thanks very much, that is most insightful :)

Dezso Schaap
Dezso Schaap
Labels
Top Kudoed Authors