Dear Guru,
Our company has 5 branches, which are all using Fortigate VPN firewall connection.
HQ-80C 192.168.1.x
Branch1-30E 192.168.2.x
Branch2-30E 192.168.3.x
Branch3-30E 192.168.4.x
Branch4-30E 192.168.5.x
Recently, after the HQ firewall restarted due to power shutdown, we have encountered an issue, the branches stuffs send a print job from their branch to another branch, (for example, print from 192.168.2.21 to 192.168.1.15)the connection speed became very slow, ususally should reach to 200kbs, and now only 30bps... (the ISP speed is upto 1000MPS)
Appreicate if you can reply asap, as we had struggling for few days..
Thanks.
Dear Gurus,
Anybody help?
hi,
and welcome to the forums.
This is wild guessing but maybe the internal flash has been corrupted by the power outage. This would matter if you use the 80C for explicit proxying, for instance.
Anyway, if you agree to this theory you could do the following to fix it:
- save a backup of the current configuration (un-encrypted, that is, in clear text)
- prepare to rebuild the flash: get the image file for the firmware you are using, get a TFTP server and a serial connection to the 80C (putty will do, or Hyperterm); connect a notebook to port1/internal via TP cable
- in the CLI via serial: login, "exec reboot" and interrupt the boot process by hitting a key
- F format the disk (this will erase the firmware, the config and all logs!!!)
- load the firmware image using the TFTP server
- boot up the FGT, log in via WebGUI as 'admin' / no password on 192.168.1.99
- restore your config from backup file
- reboot and you're where you took off
This will of course cause noticable downtime. If you don't feel confident to follow this procedure then please get professional help from a Fortinet partner.
Be aware that the config file will NOT contain any certificates which you may have imported yourself! e.g. for IPsec VPN, SSLVPN, admin access etc.
Dear ede,
Thanks for your reply and support.
This is wild guessing but maybe the internal flash has been corrupted by the power outage. -- Yes, I think so. - save a backup of the current configuration (un-encrypted, that is, in clear text)
-- Thanks for the details of the steps, however, if I even cannot get a backup file, how should I do for this situation?
I found that after the fortigate reboot again, I could get the backup file by click the 'Backup' Button, at this moment, the fortigate just UP for few minutes only. However, I tried to do this again after Fortigate UP for 1 days, the status backup to hanging there, and I could seen the circle rounding at the top of the browser tab only...
I am not sure this is becuase of the hardware issue or software OS issue? the current version is 'v4.0,build0521,120313 (MR3 Patch 6)'
I have attached pic from 80C dashboard, it shows many fields are expired or unlicensed, is this the root causes for the above issues that I mentioned?
Could you advise what is the best way to resolve it?
Appreciated your help and advise, thanks.
- prepare to rebuild the flash: get the image file for the firmware you are using, get a TFTP server and a serial connection to the 80C (putty will do, or Hyperterm); connect a notebook to port1/internal via TP cable - in the CLI via serial: login, "exec reboot" and interrupt the boot process by hitting a key - F format the disk (this will erase the firmware, the config and all logs!!!) - load the firmware image using the TFTP server - boot up the FGT, log in via WebGUI as 'admin' / no password on 192.168.1.99 - restore your config from backup file - reboot and you're where you took off This will of course cause noticable downtime. If you don't feel confident to follow this procedure then please get professional help from a Fortinet partner. Be aware that the config file will NOT contain any certificates which you may have imported yourself! e.g. for IPsec VPN, SSLVPN, admin access etc.
First, I don't think that your situation is caused by expired licences. Only webfiltering will stop traffic if it expires.
So, either you have the config on file (even an old one), or you'll have to rebuild it after the repair attempt.
You could try to get the config via the console port CLI as this usually takes less resources and will shut down later in the process. I wonder how the FGT is still processing traffic while being crippled in such a way...
In the CLI, you enter 'exec backup config usb somename.conf' and store the config file onto a USB stick which you attach to the FGT's USB port. Keep your fingers crossed that this will work quick enough.
Firmware v4.3.6 is, in IT security terms, ancient. As you've mentioned expired licences, make sure you still have access to a copy of this firmware image. Even if you get hold of a newer version you will have to rebuild the config manually. Note that you'll probably need to get the VPN's PSK in cleartext to do so.
Before going through these hassles, is there no Fortinet partner around to assist you in this? There must have been one selling you the FGTs. Second, you may as well consider getting a new FGT. The contract is less expensive, the hardware very capable in comparison and over time you'll get your investment back.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.