No reliable connection with hardware lan switch and bridged ssid

sanderl · ‎03-30-2023

Ok hold on, this is going to be hard to believe and to describe. I have troubleshooted a lot and cannot find out where the problem lies. Suddenly I had this vague problems, of sites not loading, DNS not resolving, etc. Maybe related to upgrading to 7.0.10 or 7.0.11. Maybe not.

What does not work (but had always worked like this - for years):

I have a (existing) hardware switch "lan" with an SSID bridged to that (no VLANs).
The IP address is on the lan switch and the SSID is bridged.
Created a new test policy, top placed any/any allow, no filtering, NAT to internet.
When I connect a mobile to this SSID and start roblox (don't ask - this is a prio 1 for days now) it does not load any game.

What does work:

I have created a (new) test vlan (99) with an IP address on it, and a test SSID bridged to that vlan (99), connected to the lan switch as my FortiAPs reside there.
Created a new test policy, under the top placed any/any allow, no filtering, NAT to internet.
When I connect a mobile to this SSID and start roblox it does load games.

EDIT: Roblox is "the" way of proving/testing above. As described a lot more is not working smoothly, but a refresh of the page will do. Roblox seems to be a lot more "picky" in the coneection stability.

Both "networks" are giving out the same DNS servers.

I have 6 VLANS connected via the lan hardware switch which all work(ed) well for years. Of which 3 have an IP adress on the VLAN interface and 3 are connected in a software switch with a port.

--> this can also be a separate topic because since this week I discovered the Fortigate does not allow me to select a VLAN anymore as a member of a softwareswitch (!), but this used to work and still works. Nothing to find in any release notes...

I cannot find any mentioning of any change in behavior. Also I have no active subscription on this device (81E) and thus cannot call support.

Is there anything I can do to (more) narrow down this issue?

sanderl · ‎04-14-2023

sanderl · ‎04-13-2023

Since this issue appeared right around updating to 7.0.10 or 7.0.11... could this perhaps possibly be a bug? Have you looked at the packet captures?

gfleming · ‎04-13-2023

IMO you either have to move everything over to the new HW switch and/or downgrade to 7.0.10 and see what happens. Might make most sense to try downgrade to 7.0.10. It still doesn't really make sense to me how that would have this effect on things but you never know!

And yes I looked at the packet captures please re-read the thread.......

Cheers,
Graham

sanderl · ‎04-13-2023

You are right. It is hard to follow in the forum type with all the "rabbit hole threads".

I do not dare to downgrade as I read in the release notes not all will work then..,

gfleming · ‎04-13-2023

Downgrading a point release really shouldn't cause any grief. See here for more info:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Selecting-an-alternate-firmware-for-the-ne...

This is a home network? Just downgrade, see how things behave and if you need to just revert back to the other partition.

There are packets missing in the test99 capture then. How did you capture it? On the FortiGate or on the client itself? Can you please capture from the client?

Cheers,
Graham

sanderl · ‎04-14-2023

I reverted back to previous fortios (7.0.10). Instantly it all worked again!!!

Although it loaded my previous configuration (but with ssid bridged via "lan" switch).

When I connected to the (old) lan-switch it direcly started roblox (multiple times) and other sites/systems being slow/unstable on another phone and wired PC instantly worked with no problems.

I reverted back to 7.0.11 now since I use sslvpn and had new config (vlans).

But I cannot conclude any other than that there must be a problem with 7.0.11...

What can that be?

From my perspective I may add the keywords "bug", "7.0.11", "existing hardware switch"

gfleming · ‎04-14-2023

Sorry it's not very clear... you went back to 7.0.11 after it worked on 7.0.10? Is it working now on 7.0.11?

Cheers,
Graham

sanderl · ‎04-14-2023

I did revert to 7.0.10. Then I went back to 7.0.11 (via your alternate firmware link).

In 7.0.10 it works again. In 7.0.11 it does not.

I reverted back to 7.0.11 after being at 7.0.10 (where everything works) because when I went back to 7.0.10 all my "old" config was loaded. But again, ssid bridged to lan switch is both the same config in 7.0.10 and 7.0.11.

gfleming · ‎04-14-2023

OK so you have an old config that works. I would say its more to do with your config than the firmware upgrade.

What changes to config did you make after going to 7.0.11?

Cheers,
Graham

sanderl · ‎04-14-2023

Come on... it's not the config.

It's not the old config that works, its 7.0.10. Since 7.0.11 introduced this issue I started to rebuild my config.

But again, the part with bridging the main ssid directly to lan swith never changed!!

In 7.0.10 that works. In 7.0.11 not.

And that started a few weeks ago directly after upgrading to 7.0.11

No reliable connection with hardware lan switch and bridged ssid

Nominate a Forum Post for Knowledge Article Creation