System link-monitor is not working as expected. When the gateway ping comes back up, the routes remains down anyway. I have to disable and re-enable link-monitor for that interface.
I have an open case with Fortinet
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I found a forum post referring the very same bug in v.5.2. So looks like if Fortinet brought back an old old bug in 5.6.11 :\
As back in 5.2 executig "exec router restart" temporarily fixes it until the next WAN outage.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hi,
I noticed the same problem on multiple firewalls after upgrading to 5.6.11.
We had an open case with Fortinet where they recommended to upgrade to 6.0.6 or 6.2.1 after they confirmed the problem wasn't affecting those FortiOS versions.
Upgraded to 6.0.6, as suggested, without problem. I confirm that now link-monitor is working.
I ran into this on some FGT too. And I also openend a case wth FGT TAC.
They confirmed to me that there is known issues with SD-WAN healthcheck causing the behaviour I saw and the threadstarter reported. This reported in issue #576646 and #583247.
This is a 5.6.11 only issue accoarding to TAC.
Their solution is either to roll back to 5.6.10 or to upgrade to 6.0 or 6.2 even....
You can imagine that (as I have 20FGT to roll back or upgrade that are in productive use) I am currently not really excited :\
This is pretty annoying to me :\
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Hi Lucas
We are experiencing the same issue. I have received the following disappointing reply from Fortinet Support.
"I have checked our internal engineering tickets and indeed found this: 0576646 - dead health-check cannot recover until restart daemon lnkmtd. As there is no further 5.6 version planned after 5.6.11, the issue will not be fixed in 5.6 anymore. I feel sorry to say so, but to overcome the issue you would need to upgrade to 6.0.6 or 6.2.1."
I find this hard to believe. End of Engineering Support for FortiOS 5.6.11 only ends in March 2020. Have you had more luck with Support?
Thanks,
Stefan
No, but I have upgraded to 6.0.6 without any issue
Ok, thanks for letting me know. Will give it a try.
st3fan wrote:@st3fan - We were advised by our TAM this bug has been escalated for a fix in 5.6.x.Hi Lucas
We are experiencing the same issue. I have received the following disappointing reply from Fortinet Support.
"I have checked our internal engineering tickets and indeed found this: 0576646 - dead health-check cannot recover until restart daemon lnkmtd. As there is no further 5.6 version planned after 5.6.11, the issue will not be fixed in 5.6 anymore. I feel sorry to say so, but to overcome the issue you would need to upgrade to 6.0.6 or 6.2.1."
I find this hard to believe. End of Engineering Support for FortiOS 5.6.11 only ends in March 2020. Have you had more luck with Support?
Thanks,
Stefan
@sw2090 - One can disable automatic routing update in the health settings < set update-static-route disable > but this would defeat the purpose of link-monitor/dead-gateway-detection all together.
Glad to hear that it is to be fixed in 5.6 too.
yeah I feared this in case of sdiabling automatic routing update. That's whay i put that in question as workaround.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
@st3fan - We were advised by our TAM this bug has been escalated for a fix in 5.6.x.
TAC today let me know that there is no plan for a fix in 5.6.11 up to now. So doesn't look like if this is going to happen. Then only solution would be to upgrade to 6.0.6 or higher.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1717 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.