Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
martyyy
New Contributor III

Traffic being dropped by FortiGate when asic-offload is enabled.

Im currently on FortiOS 7.2.8. 

Traffics are being dropped by FortiGate when asic-offload is enabled. To work this out, we are currently set the asic-offload to disable but this is not a long term solution.

 

Is this a bug on 7.2.8? 

https://docs.fortinet.com/document/fortigate/7.2.8/fortios-release-notes/236526/known-issues

 

Does this issue will be resolved in what FortiOS? 7.4.x or 7.2.x ?

 

Appreciate your feedback.

 

TIA :) 

1 Solution
Toshi_Esumi

You can at least recreate the situation relatively easily if you temporarily disable "override" (if you have it enabled) and run a command "diag sys ha reset-uptime".
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/666653/primary-unit-selection-with-overr...
You probably want to do it in a maintenance window.

Redundant interface is different from HA but maybe they have the same mechanism in NP6Xlite. But TAC can tell you if it's the same cause when you open a ticket and ask them to get it evaluated.

Toshi

View solution in original post

13 REPLIES 13
BillH_FTNT
Staff
Staff

Hi,
It would be a big help if you could share more details about your situation :
- What is your device version?
- What is the traffic flow of the issue? Simple topo
- Please share the policy detail
- Do you use sdwan?
- Please share the "dia sys session list" related to the issue traffic (flows)
- Please share the sniffer output or mirror somewhere in your network
- Please share the output of NPU, for example, with NP7 "dia npu np7 dce-drop-all ".
...
Regards
Bill

nathan_h
Staff
Staff

Hi martyyy,

 

Can you provide your hardware model? We can identify the NPU Chip that you have based on the model. Do you have a packet shaper enabled? You may try to disable it for isolation.

Nathan
FCP-NS, FCP-PCS, FCP-SO, FCSS-NS, FCSS-PCS, FCSS-SASE
Rajan_kohli
Staff
Staff

Hi,

 

Please check if packets are UDP and getting fragmented 

if yes, then follow this kb article:https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-Identify-UDP-NTurbo-fragmentation-d...

 

if not then please share the hardware model and packet capture

 

Regards

Rajan Kohli

Rajan Kohli
233akkt8g
New Contributor

Hi,

Just curious on what your ultimate fix for this was? Did you end up upgrading to 7.4? 

I'm running into a similar issue on 7.2.8 where TCP traffic stops passing through the Fortigates. When I 'set auto-asic-offload disable' the issue clears. I can replicate my scenario when I see a large increase in sessions over a short period of time. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors