Portinari
New Contributor

Loss of communication between L3 equipment on the firewall

I am using a VM image of FortiGate version 7.2.7 that I downloaded from the Fortinet website.

I have the following problem: I configured VLANs on the firewall to control communication between VLANs. After one hour, the communication between two different devices via the firewall stops.

To resolve this, I need to format the firewall and restore the backup, which makes it work for another hour.

I am using EVE-NG version 6.2.0 and emulating FortiGate 7.2.7. I have tried other versions as well (e.g., 7.0.0, 7.2.0), but the same error occurs.

1 Solution
abarushka
Staff

Hello,

I would recommend double-checking whether the license is verified. Moreover, once the issue is reproduced, you may consider collecting the debug flow by running the commands below:

diagnose debug flow filter daddr <destination IP address>
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
diagnose debug enable

Portinari

Hello, I don't have a license because I'm using a version of Fortinet that I downloaded from their website, in the VM download section.

Below is the debug.

FW-GCP # id=65308 trace_id=8 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=274."
id=65308 trace_id=8 func=init_ip_session_common line=6043 msg="allocate a new session-00000790, tun_id=0.0.0.0"
id=65308 trace_id=8 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=9 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=275."
id=65308 trace_id=9 func=init_ip_session_common line=6043 msg="allocate a new session-00000791, tun_id=0.0.0.0"
id=65308 trace_id=9 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=10 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=276."
id=65308 trace_id=10 func=init_ip_session_common line=6043 msg="allocate a new session-00000792, tun_id=0.0.0.0"
id=65308 trace_id=10 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=11 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=277."
id=65308 trace_id=11 func=init_ip_session_common line=6043 msg="allocate a new session-00000793, tun_id=0.0.0.0"
id=65308 trace_id=11 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=12 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=278."
id=65308 trace_id=12 func=init_ip_session_common line=6043 msg="allocate a new session-00000797, tun_id=0.0.0.0"
id=65308 trace_id=12 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=13 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=279."
id=65308 trace_id=13 func=init_ip_session_common line=6043 msg="allocate a new session-00000798, tun_id=0.0.0.0"
id=65308 trace_id=13 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=14 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=280."
id=65308 trace_id=14 func=init_ip_session_common line=6043 msg="allocate a new session-00000799, tun_id=0.0.0.0"
id=65308 trace_id=14 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=15 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=281."
id=65308 trace_id=15 func=init_ip_session_common line=6043 msg="allocate a new session-0000079b, tun_id=0.0.0.0"
id=65308 trace_id=15 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=16 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=282."
id=65308 trace_id=16 func=init_ip_session_common line=6043 msg="allocate a new session-0000079c, tun_id=0.0.0.0"
id=65308 trace_id=16 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=17 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=283."
id=65308 trace_id=17 func=init_ip_session_common line=6043 msg="allocate a new session-0000079e, tun_id=0.0.0.0"
id=65308 trace_id=17 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=18 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=284."
id=65308 trace_id=18 func=init_ip_session_common line=6043 msg="allocate a new session-0000079f, tun_id=0.0.0.0"
id=65308 trace_id=18 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=19 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=285."
id=65308 trace_id=19 func=init_ip_session_common line=6043 msg="allocate a new session-000007a0, tun_id=0.0.0.0"
id=65308 trace_id=19 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=20 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=286."
id=65308 trace_id=20 func=init_ip_session_common line=6043 msg="allocate a new session-000007a2, tun_id=0.0.0.0"
id=65308 trace_id=20 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=21 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=287."
id=65308 trace_id=21 func=init_ip_session_common line=6043 msg="allocate a new session-000007a3, tun_id=0.0.0.0"
id=65308 trace_id=21 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=22 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=288."
id=65308 trace_id=22 func=init_ip_session_common line=6043 msg="allocate a new session-000007a7, tun_id=0.0.0.0"
id=65308 trace_id=22 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=23 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=289."
id=65308 trace_id=23 func=init_ip_session_common line=6043 msg="allocate a new session-000007a8, tun_id=0.0.0.0"
id=65308 trace_id=23 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=24 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=290."
id=65308 trace_id=24 func=init_ip_session_common line=6043 msg="allocate a new session-000007a9, tun_id=0.0.0.0"
id=65308 trace_id=24 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=25 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=291."
id=65308 trace_id=25 func=init_ip_session_common line=6043 msg="allocate a new session-000007ab, tun_id=0.0.0.0"
id=65308 trace_id=25 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=26 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=292."
id=65308 trace_id=26 func=init_ip_session_common line=6043 msg="allocate a new session-000007ac, tun_id=0.0.0.0"
id=65308 trace_id=26 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-172.0.0.254 via port2"
id=65308 trace_id=27 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 10.206.127.200:1242->172.26.0.200:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=293."
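
One way to summarise a debug flow trace like the one posted above, as an added example that is not part of the original thread or Fortinet's tooling: it rejoins console-wrapped lines, groups records by trace_id, and lists the traces whose last logged stage is the route lookup. The sample input is constructed (documentation addresses, made-up line numbers), and the names `unwrap`, `parse` and `ends_at_route_lookup` are this example's own.

```python
import re

# Constructed sample in the format of the trace above (documentation addresses,
# made-up line numbers); the first record is console-wrapped and carries a prompt.
SAMPLE = '''FGT # id=65308 trace_id=1 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 192.0.2.10:1242->198.51.100.20:2048) tun_id=0.0.0.0 from port1. type=8
, code=0, id=1242, seq=1."
id=65308 trace_id=1 func=init_ip_session_common line=6043 msg="allocate a new session-00000001, tun_id=0.0.0.0"
id=65308 trace_id=1 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-203.0.113.1 via port2"
id=65308 trace_id=2 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=1, 192.0.2.10:1242->198.51.100.20:2048) tun_id=0.0.0.0 from port1. type=8, code=0, id=1242, seq=2."
id=65308 trace_id=2 func=init_ip_session_common line=6043 msg="allocate a new session-00000002, tun_id=0.0.0.0"
id=65308 trace_id=2 func=__vf_ip_route_input_rcu line=2001 msg="find a route: flag=00000000 gw-203.0.113.1 via port2"
id=65308 trace_id=2 func=fw_forward_handler line=100 msg="Allowed by Policy-1:"
'''

START = re.compile(r'id=\d+ trace_id=\d+ ')
PROMPT = re.compile(r'^\S+ # (?=id=\d+ trace_id=)')
REC = re.compile(r'id=\d+ trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"$')
PKT = re.compile(r'received a packet\(proto=\d+, ([\d.]+):\d+->([\d.]+):\d+\).* from (\S+)\. ')
ROUTE = re.compile(r'find a route: .*gw-([\d.]+) via (\S+)')

def unwrap(text):
    """Rejoin records that the console wrapped onto a following line."""
    records = []
    for line in text.splitlines():
        line = PROMPT.sub("", line.rstrip())  # drop a leading "HOST # " prompt
        if START.match(line):
            records.append(line)
        elif records and line:
            records[-1] += line
    return records

def parse(text):
    """Group records by trace_id, keeping the stages seen and key fields."""
    traces = {}
    for rec in unwrap(text):
        m = REC.match(rec)
        if not m:
            continue
        t = traces.setdefault(int(m.group(1)), {"funcs": []})
        t["funcs"].append(m.group(2))
        if p := PKT.search(m.group(3)):
            t.update(src=p.group(1), dst=p.group(2), in_if=p.group(3))
        if r := ROUTE.search(m.group(3)):
            t.update(gw=r.group(1), out_if=r.group(2))
    return traces

def ends_at_route_lookup(traces):
    """Trace ids whose last logged stage is the route lookup."""
    return [i for i, t in sorted(traces.items()) if t["funcs"][-1] == "__vf_ip_route_input_rcu"]
```

Run over the trace posted above, traces 8 through 26 all end at the route lookup; trace 27 is cut off after its first record.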

 

Portinari

Thank you for your help and sorry for the delay.

Here is the solution for people who are looking for something related to L3 on the FortiGate firewall that stops working.

The problem really lies with the license. When I download the VM directly from the Fortinet website, it shows a valid license status.

[Screenshot: 2024-07-01 22 34 38.png]

When the L3 of the FortiGate stops working, the license becomes invalid, causing the error.

[Screenshot: 2024-07-01 22 36 01.png]

My solution was to get an image from a site that remains valid for 15 days.

ebilcari
Staff

Based on your description, it seems like the hypervisor/emulator stops processing the tagged traffic. In my experience this happens often for all types of emulators, and maybe just disconnecting and connecting the port/connection will make it work again.

- Emirjon
Portinari

Hello, I am using VMware version 12 to emulate EVE-NG. In my case, my hypervisorlaunchtype is set to Off because if I activate it, VMware gives the error below when it tries to execute the images or even EVE-NG.

Hypervisor off

[Screenshot: hypervisor.png]

When I activate the hypervisor, my VM has an error

[Screenshot: Error Hypervisor.png]

That's why I leave it off. Do you think this problem with FortiGate could be because of this? Do you have any other ideas?

Thank you
