Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jpereira
New Contributor

No Longer Able to Access unit via HTTPS

Hi - I am having a problem with a FortiGate 200B unit. At the present time I am unable to access the unit via HTTPS which is how we have been accessing the unit for many years now. I am able to Telnet to the unit but upon loggin this is what I am presented with: FortiGate200B-B login: admin Password: ********* No entry for terminal type " ansi" ; using dumb terminal settings. Welcome ! Auto backup config ... It has been in this state for about 30 minutes at this point. Everything else seems to be functioning as normal. Any thoughts ?
5 REPLIES 5
ShrewLWD
Contributor

This is the exact same symptom I was seeing on my 60Cs, when the EXT3 and EXT2 file system areas had gone bad. A reboot allowed me to access HTTPS and the embedded CLi again, but I did end up needing to RMA out several 60Cs. They claim its because I was logging to the disk, but I have over 200 60Cs deployed over a 2 year span, all with logging enabled, and I' ve only ever seen this issue on the very last batch of them. If you are sending your logs to the cloud or a syslog server, see if you got EXT3-fs and or EXT2-fs errors.
jpereira
New Contributor

Thank you for the quick response. Did your units ever get past the " Auto backup config ..." I am nervous about rebooting and would prefer to do it by sending a command to the unit rather than just pulling the plug.
Dave_Hall
Honored Contributor

I agree with ShrewLWD - sounds like a possible disk/flash corruption. (Had RMAed several 200Bs due to bad flash.) However, the GUI/other services may not respond if the fgt has entered conserve mode. I suggest connecting a console cable to the fgt and reboot the fgt -- watch the console output for any errors during start up ad during normal operation. Fortinet recommends disabling disk logging on the 200B (and I agree). If the flash is bad, support will want you to format the boot/logging devices and install a new firmware image then run the HQIP test on the unit.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
jpereira
New Contributor

I do have a spare unit that is factory defaulted. Is it possible to pull a config file off of the unit I am having a problem with during the boot phase ?
Dave_Hall
Honored Contributor

You need to be able to log into the device to save the cfg. If the default firmware image can not load/boot, you could try booting the backup firmware (assuming it contains a compatible firmware and not the diag firmware) or try loading a firmware via tftp (choosing the run only option.). (I suggest trying the tftp option first.) You should hopefully be able to save the config then. Here is a sample output of a 200B that recently died on us...
 =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.09.10 14:50:43 =~=~=~=~=~=~=~=~=~=~=~=
 FortiGate-200B (17:35-11.23.2011)
 Ver:04000010
 Serial number:FG200B39126XXXX
 RAM activation
 Total RAM: 1024MB
 Enabling cache...Done.
 Scanning PCI bus...Done.
 Allocating PCI resources...Done.
 Enabling PCI resources...Done.
 Zeroing IRQ settings...Done.
 Verifying PIRQ tables...Done.
 Disabling local APIC...Done.
 Boot up, boot device capacity: 3824MB.
 Press any key to display configuration menu...
 ......
 ../src/device/usb2/usb.c: 342: usb_start_wait_urb status!=0(-32)
 
 ERROR: Bulk read CSW ret = -32
 ERROR: ll_read_block( 5e08, 373fe000, 21ff1, 10) = -1
 ../src/device/usb2/usb.c: 342: usb_start_wait_urb status!=0(-32)
 
 ERROR:Bulk read data ret = -32
 ../src/device/usb2/usb.c: 342: usb_start_wait_urb status!=0(-32)
 
 ERROR: Bulk read CSW ret = -32
 ERROR: ll_read_block( 5e08, 37400000, 22001, 10) = -1
 FortiGate-200B (17:35-11.23.2011)
 Ver:04000010
 Serial number:FG200B39126XXXX
 RAM activation
 Total RAM: 1024MB
 Enabling cache...Done.
 Scanning PCI bus...Done.
 Allocating PCI resources...Done.
 Enabling PCI resources...Done.
 Zeroing IRQ settings...Done.
 Verifying PIRQ tables...Done.
 Disabling local APIC...Done.
 Boot up, boot device capacity: 3824MB.
 Press any key to display configuration menu...
 ..
 :  Get firmware image from TFTP server.
 :  Format boot device.
 :  Boot with backup firmware and set as default.
 :  Configuration and information.
 :  Quit menu and continue to boot with default firmware.
 :  Display this list of options.
 
 Enter Selection :
 
 Enter G,F,B,I,Q,or H:
 
 All data will be erased,continue:[Y/N]?
 Formatting boot device...
 ..............................................................
 Format boot device completed.
 
 Enter G,F,B,I,Q,or H:
 
 Please connect TFTP server to Ethernet port " 1" .
 
 Enter TFTP server address [192.168.1.168]: 
 Enter local address [192.168.1.188]: 
 Enter firmware image file name [image.out]: FGT_200B-v400-build0639-FORTINET.out
 MAC:00090F7F2598 TFTP error 1 (File not found or No Access)
 Open boot device failed.
 FortiGate-200B (17:35-11.23.2011)
 Ver:04000010
 Serial number:FG200B39126XXXX
 RAM activation
 Total RAM: 1024MB
 Enabling cache...Done.
 Scanning PCI bus...Done.
 Allocating PCI resources...Done.
 Enabling PCI resources...Done.
 Zeroing IRQ settings...Done.
 Verifying PIRQ tables...Done.
 Disabling local APIC...Done.
 Boot up, boot device capacity: 3824MB.
 Press any key to display configuration menu...
 ....
 :  Get firmware image from TFTP server.
 :  Format boot device.
 :  Boot with backup firmware and set as default.
 :  Configuration and information.
 :  Quit menu and continue to boot with default firmware.
 :  Display this list of options.
 
 Enter Selection :
 
 Enter G,F,B,I,Q,or H:
 
 Please connect TFTP server to Ethernet port " 1" .
 
 Enter TFTP server address [192.168.1.168]: 
 Enter local address [192.168.1.188]: 
 Enter firmware image file name [image.out]: FGT_200B-v400-build0639-FORTINET.out
 MAC:00090F7F2598 #####################
 Total 22939605 bytes data downloaded.
 Verifying the integrity of the firmware image.
 
 Total 65536kB unzipped.
 Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?d
 Programming the boot device now.
 ................................................................
 Reading boot image 1315258 bytes.
 Initializing firewall...
 System is started.
 journal_bmap: journal block not found at offset 5132 on sd(8,3)
 
 JBD: bad block at offset 5132
 
 JBD: Failed to read block at offset 5106
 
 EXT3-fs: error loading journal.
 
 Formating shared data partition ... done!
 FortiGate-200B (17:35-11.23.2011)
 Ver:04000010
 Serial number:FG200B39126XXXX
 RAM activation
 Total RAM: 1024MB
 Enabling cache...Done.
 Scanning PCI bus...Done.
 Allocating PCI resources...Done.
 Enabling PCI resources...Done.
 Zeroing IRQ settings...Done.
 Verifying PIRQ tables...Done.
 Disabling local APIC...Done.
 Boot up, boot device capacity: 3824MB.
 Press any key to display configuration menu...
 ...
 :  Get firmware image from TFTP server.
 :  Format boot device.
 :  Boot with backup firmware and set as default.
 :  Configuration and information.
 :  Quit menu and continue to boot with default firmware.
 :  Display this list of options.
 
 Enter Selection :
 
 Enter G,F,B,I,Q,or H:
 
 All data will be erased,continue:[Y/N]?
 Formatting boot device...
 FortiGate-200B (17:35-11.23.2011)
 Ver:04000010
 Serial number:FG200B39126XXXX
 RAM activation
 Total RAM: 1024MB
 Enabling cache...Done.
 Scanning PCI bus...Done.
 Allocating PCI resources...Done.
 Enabling PCI resources...Done.
 Zeroing IRQ settings...Done.
 Verifying PIRQ tables...Done.
 Disabling local APIC...Done.
 Boot up, boot device capacity: 3824MB.
 Press any key to display configuration menu...
 ......
 FortiGate-200B (17:35-11.23.2011)
 Ver:04000010
 Serial number:FG200B39126XXXX
 RAM activation
 Total RAM: 1024MB
 Enabling cache...Done.
 Scanning PCI bus...Done.
 Allocating PCI resources...Done.
 Enabling PCI resources...Done.
 Zeroing IRQ settings...Done.
 Verifying PIRQ tables...Done.
 Disabling local APIC...Done.
 Boot up, boot device capacity: 3824MB.
 Press any key to display configuration menu...
 ..
 :  Get firmware image from TFTP server.
 :  Format boot device.
 :  Boot with backup firmware and set as default.
 :  Configuration and information.
 :  Quit menu and continue to boot with default firmware.
 :  Display this list of options.
 
 Enter Selection :
 
 Enter G,F,B,I,Q,or H:
 
 All data will be erased,continue:[Y/N]?
 Formatting boot device...
 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Labels
Top Kudoed Authors