Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Leeos
New Contributor

SD-WAN Status check problem.

Hi,

 

FortiGate 200D - FortiOS v5.6.11 build1700 (GA). 5 wan connections.   Every 1-2 days some connections status changed to down. But the connections are up! If I change the detect server its OK.     After 1-2 days down again! change the detect server all OK. Example: Used 8.8.8.8 - OK, when down change to 8.8.4.4 - OK, when down back to 8.8.8.8, then 8.8.4.4 and so on... I tried few others Ip addresses as detect server same result.  Any idea?   Thanks, Lior. 
1 Solution
sw2090
Honored Contributor

The other thread btw is here: https://forum.fortinet.com/tm.aspx?m=178607&tree=true

 

I just received the info from TAC that their internal management has escalated that bugfix to be backported to 5.6.

There is not yet any confirmation if it will be. TAC will keep me informed.

 

What I can confirm (since I hard tested that today with a test FGT here) is that the bug is fixed in 6.0.6.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

View solution in original post

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
7 REPLIES 7
Fullmoon
Contributor III

how about upgrading the FGT 200D version to 6.0.5 or 6.0.6 and monitor its behavior.

Fortigate Newbie

Fortigate Newbie
Leeos
New Contributor

 

I like too, but its say, No Valid Upgrade path...

I do not want to loose configuration. 

sw2090
Honored Contributor

two things:

 

1. what you describe is a known bug in 5.6.11 of which we still have no devinitve answer from TAC wehter it will be fied in 5.6.11 or not. Thus it is fixed in 6.0.6 or 6.2 . There is a thread about it in the "Routing & transparent mode" Forum here.

Sdwan Status Check - due to that bug - does detect that the interface/connection is back up but fails to bring back the routes.

You could deactivate the automatic routing in Status Check but  this would somewhat remove redundancy from your sdwan.

If you run into that issue and still have some way to access cli of your FGT you could restart the routing services (exec router restart) to make the routing work correctly again - until the next WAN Outage...

 

2. Yes there is no valid upgrade path from 5.6.10/11 to 6.0.6. This is because accoarding to the upgrad path utility on the support portal this is one single step. You can directly upgrade 5.6.10 or 5.6.11 to 6.0.6. This is officially supported.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Leeos
New Contributor

Thank you, for now I just check every morning and change if necessary the detect server from the GUI.

I do not see v 6.0.6 on Firmware Management. The latest is 6.0.5.

Is there a way to force Firmware search to make 6.0.6 available for upgrade?

 

 

emnoc
Esteemed Contributor III

Same issues and upgrading fix the issues. You can monitor the SDWAN check via "diag sniffer packet <interfacename> " host x.x.x.x"

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
sw2090
Honored Contributor

The other thread btw is here: https://forum.fortinet.com/tm.aspx?m=178607&tree=true

 

I just received the info from TAC that their internal management has escalated that bugfix to be backported to 5.6.

There is not yet any confirmation if it will be. TAC will keep me informed.

 

What I can confirm (since I hard tested that today with a test FGT here) is that the bug is fixed in 6.0.6.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
BeheerSigra

Same issue here.

Hope that this bug is solved in version 5.6.11

Labels
Top Kudoed Authors