Traffic being dropped by FortiGate when asic-offload is enabled.
I'm currently on FortiOS 7.2.8.
Traffic is being dropped by FortiGate when asic-offload is enabled. To work around this, we currently have asic-offload set to disable, but this is not a long-term solution.
Is this a bug on 7.2.8?
https://docs.fortinet.com/document/fortigate/7.2.8/fortios-release-notes/236526/known-issues
In which FortiOS version will this issue be resolved? 7.4.x or 7.2.x?
Appreciate your feedback.
TIA :)
You can at least recreate the situation relatively easily if you temporarily disable "override" (if you have it enabled) and run a command "diag sys ha reset-uptime".
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-overr...
You probably want to do it in a maintenance window.
Redundant interface is different from HA but maybe they have the same mechanism in NP6Xlite. But TAC can tell you if it's the same cause when you open a ticket and ask them to get it evaluated.
Toshi
Hi,
It would be a big help if you could share more details about your situation:
- What is your device version?
- What is the traffic flow of the issue? Simple topo
- Please share the policy detail
- Do you use sdwan?
- Please share the "dia sys session list" related to the issue traffic (flows)
- Please share the sniffer output or mirror somewhere in your network
- Please share the output of NPU, for example, with NP7 "dia npu np7 dce-drop-all ".
...
Regards
Bill
Hi martyyy,
Can you provide your hardware model? We can identify the NPU Chip that you have based on the model. Do you have a packet shaper enabled? You may try to disable it for isolation.
FCP-NS, FCP-PCS, FCP-SO, FCSS-NS, FCSS-PCS, FCSS-SASE
Hi,
Please check if the packets are UDP and getting fragmented.
If yes, then follow this KB article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Identify-UDP-NTurbo-fragmentation-d...
If not, then please share the hardware model and a packet capture.
Regards
Rajan Kohli
Hi,
Just curious on what your ultimate fix for this was? Did you end up upgrading to 7.4?
I'm running into a similar issue on 7.2.8 where TCP traffic stops passing through the FortiGates. When I 'set auto-asic-offload disable' the issue clears. I can replicate my scenario when I see a large increase in sessions over a short period of time.
