Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSOAR
- FortiSIEM
- FortiSwitch
- FortiTester
- FortiVoice
- FortiToken
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- No reliable connection with hardware lan switch an...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No reliable connection with hardware lan switch and bridged ssid
Ok hold on, this is going to be hard to believe and to describe. I have troubleshooted a lot and cannot find out where the problem lies. Suddenly I had this vague problems, of sites not loading, DNS not resolving, etc. Maybe related to upgrading to 7.0.10 or 7.0.11. Maybe not.
What does not work (but had always worked like this - for years):
- I have a (existing) hardware switch "lan" with an SSID bridged to that (no VLANs).
- The IP address is on the lan switch and the SSID is bridged.
- Created a new test policy, top placed any/any allow, no filtering, NAT to internet.
- When I connect a mobile to this SSID and start roblox (don't ask - this is a prio 1 for days now) it does not load any game.
What does work:
- I have created a (new) test vlan (99) with an IP address on it, and a test SSID bridged to that vlan (99), connected to the lan switch as my FortiAPs reside there.
- Created a new test policy, under the top placed any/any allow, no filtering, NAT to internet.
- When I connect a mobile to this SSID and start roblox it does load games.
EDIT: Roblox is "the" way of proving/testing above. As described a lot more is not working smoothly, but a refresh of the page will do. Roblox seems to be a lot more "picky" in the coneection stability.
Both "networks" are giving out the same DNS servers.
I have 6 VLANS connected via the lan hardware switch which all work(ed) well for years. Of which 3 have an IP adress on the VLAN interface and 3 are connected in a software switch with a port.
--> this can also be a separate topic because since this week I discovered the Fortigate does not allow me to select a VLAN anymore as a member of a softwareswitch (!), but this used to work and still works. Nothing to find in any release notes...
I cannot find any mentioning of any change in behavior. Also I have no active subscription on this device (81E) and thus cannot call support.
Is there anything I can do to (more) narrow down this issue?
Labels:
- Labels:
-
FortiAP
-
FortiGate
-
Wireless Controller
62 REPLIES 62
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
100% sure... same data as the traces
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also can you explain how you are using VLANs on the HW switch today but you are not using a VLAN-capable downstream switch?
Cheers,
Graham
Graham
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had just a "dumb" switch connected to the lan hw switch with vlan interfaces configured. vlan capable devices (tagging/untagging) just pick up the correct vlans via that switch.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you also get the packet capture? That would be the most important thing to look at this point.
Cheers,
Graham
Graham
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Got the captures... but how do I attach those?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What model FortiGate is this?
Have you confirmed you are not hitting any capacity limits? What does your CPU, Session COunt, Mem usage look like?
Cheers,
Graham
Graham
Created on 04-12-2023 02:09 PM Edited on 04-12-2023 02:10 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Its an 81E (still is). No problem with new HW switch and other ssid. Its used in a small home setup.
So no... no limit hit I hope and cannot see.
Can you please re read the thread :grinning_face:
Mostly ~400-600 sessions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So your problems have all been solved since moving to the new HW switch?
Cheers,
Graham
Graham
Created on 04-13-2023 01:05 AM Edited on 04-13-2023 01:06 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, I dit not move
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you show a screenshot of your 24-hour CPU graph on the FortiGate dashboard?
Cheers,
Graham
Graham
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,749 -
FortiClient
1,777 -
5.2
801 -
FortiManager
736 -
5.4
639 -
FortiAnalyzer
563 -
FortiSwitch
477 -
FortiAP
474 -
FortiClient EMS
436 -
6.0
416 -
5.6
362 -
FortiMail
323 -
6.2
251 -
SSL-VPN
249 -
FortiAuthenticator v5.5
234 -
IPsec
212 -
FortiWeb
208 -
5.0
196 -
FortiNAC
191 -
FortiGuard
139 -
6.4
128 -
SD-WAN
117 -
FortiAuthenticator
106 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
98 -
FortiToken
92 -
Firewall policy
84 -
Wireless Controller
81 -
Customer Service
80 -
4.0MR3
64 -
FortiProxy
60 -
Fortivoice
56 -
High Availability
56 -
FortiADC
54 -
vlan
53 -
FortiEDR
52 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiGate-VM
18 -
FortiMonitor
18 -
Traffic shaping
17 -
SSID
16 -
Automation
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
System settings
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
Admin
13 -
FortiCASB
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1737 | |
| 1107 | |
| 752 | |
| 447 | |
| 240 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.