Hello all.

I've a problem with a subordinate firewall. LACPs status are:

primary

FGT600_1 # diagnose netlink aggregate name LACP01
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: up
npu: y
flush: n
asic helper: y
oid: 188
ports: 2
link-up-delay: 50ms
min-links: 1
ha: master
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 1
actor key: 33
actor MAC address: 04:d5:90:6f:7b:46
partner key: 292
partner MAC address: b4:99:ba:39:21:00

slave: x1
index: 0
link status: up
link failure count: 0
permanent MAC addr: 04:d5:90:6f:7b:46
LACP state: established
actor state: ASAIEE
actor port number/key/priority: 1 33 255
partner state: ASAIEE
partner port number/key/priority: 141 292 0
partner system: 63151 b4:99:ba:39:21:00
aggregator ID: 1
speed/duplex: 10000 1
RX state: CURRENT 6
MUX state: COLLECTING_DISTRIBUTING 4

slave: x2
index: 1
link status: up
link failure count: 0
permanent MAC addr: 04:d5:90:6f:7b:47
LACP state: established
actor state: ASAIEE
actor port number/key/priority: 2 33 255
partner state: ASAIEE
partner port number/key/priority: 45 292 0
partner system: 63151 b4:99:ba:39:21:00
aggregator ID: 1
speed/duplex: 10000 1
RX state: CURRENT 6
MUX state: COLLECTING_DISTRIBUTING 4

# # #

subsidiary

FGT600_2 # diagnose netlink aggregate name LACP01
LACP flags: (A|P)(S|F)(A|I)(I|O)(E|D)(E|D)
(A|P) - LACP mode is Active or Passive
(S|F) - LACP speed is Slow or Fast
(A|I) - Aggregatable or Individual
(I|O) - Port In sync or Out of sync
(E|D) - Frame collection is Enabled or Disabled
(E|D) - Frame distribution is Enabled or Disabled

status: down
npu: y
flush: n
asic helper: y
oid: 188
ports: 2
link-up-delay: 50ms
min-links: 1
ha: backup
distribution algorithm: L4
LACP mode: active
LACP speed: slow
LACP HA: enable
aggregator ID: 3
actor key: 33
actor MAC address: 04:d5:90:6f:76:cf
partner key: 1
partner MAC address: 00:00:00:00:00:00

slave: x2
index: 0
link status: up
link failure count: 0
permanent MAC addr: 04:d5:90:6f:76:cf
LACP state: negotiating
actor state: ASAIDD
actor port number/key/priority: 2 33 255
partner state: ASIODD
partner port number/key/priority: 1 1 255
partner system: 662 00:00:00:00:00:00
aggregator ID: 3
speed/duplex: 10000 1
RX state: DEFAULTED 5
MUX state: ATTACHED 3

slave: x1
index: 1
link status: up
link failure count: 0
permanent MAC addr: 04:d5:90:6f:76:ce
LACP state: negotiating
actor state: ASAODD
actor port number/key/priority: 3 33 255
partner state: ASIODD
partner port number/key/priority: 1 1 255
partner system: 662 00:00:00:00:00:00
aggregator ID: 1
speed/duplex: 10000 1
RX state: DEFAULTED 5
MUX state: WAITING 2

## #

FG1 has all port to SWITCH1 and FG2 to SWITCH2.

I checked switch configuration with the customer and seems to be fine. The same between the two switches.

If I move FG2 X1-X2 ports to the switch connected to FG1, the problem is there, while the FG1 X1-X2 ports work fine on SW2. It seems not to be the switch.

I couldn't change SFP+10G, but above test confirm all of them, on both SW1 and 2, are working.