I have 100 Mbps internet connection and right after upgrading from 7.2.5 to 7.2.6 on my FortiGate-200F, the VPN dropped to max 30 Mbps. Anyone else has this problem?
After reverting to 7.2.5 it went back to normal.
Created on 12-21-2023 09:12 AM
PS ticket number is 9025902
In your network can you change the ISP interface to single Layer 3 interface ? Without Aggregate ?
Alas we can't. We are currently migrating traffic from an old Cisco firewall pair onto the new Fortigates so we need to share the ISP connection. This is re-creatable. 7.2.6 the upload throughput goes down to 30 Mbps max. Reverting to 7.2.5 everything starts working again.
We are getting very little assistance from our TAC case - other than "wait until 7.2.7" which is not particularly helpful.
Created on 01-04-2024 09:00 AM
I've had it confirmed from TAC that there is a "known issue" however have no more information than this. Official workaround is to downgrade to 7.2.5.
Created on 02-01-2024 03:18 AM
Had an update from TAC this morning. Apparently the fix is going to be in 7.2.8 ETA end Feb. I'm checking this isn't a typo and should be 7.2.7
Still not been provided with any further details or even a bug ID. Disappointing response from Fortinet if I'm honest.
Created on 02-01-2024 10:52 AM
Fix is confirmed to be in 7.2.8. Internal bug ID 910829 which shows as fixed in 7.4.2. Which I am querying.
Downgrading to 7.2.5 is the only available option right now.
I just stumbled upon this thread and have the same issue. I've opened two tickets with Fortinet TAC and even my ISP. Both say neither is their issue. My ISP even replaced their equip and had good RFC test.
I have the same setup as you 10G inside 1G outside. The reason I didn't use 10G for outside is my ISP switches do not have a 10G interface.
7.2.7 recent upgrade made no difference. Wonder if this is a possible solution or workaround?
Hi @1ryan1
While waiting for an update from Fortinet, I think you can do this
- You can change from 10G to some 1G aggregation in LAN site.
Bill
Created on 02-22-2024 04:08 AM Edited on 02-22-2024 04:09 AM
The Fortinet response on this issue has been pretty underwhelming. It took weeks for TAC to even acknowledge it was a known issue. Fortunately in our environments it only seems to impact 200Fs and the clients we have running that model don't use SSL VPN or FortiManager so neither is enabled. We've told it is fixed in 7.2.8 - but we will need to fully test that release first before we even think of rolling it onto production units. The last few releases have just introduced too many serious bugs for us to immediately upgrade. I'm hoping the move of 7.2 to mature status will mean the quality of the released code will improve - and quickly, but we've lost a bit of faith recently.
I don't think it's just 20xFs anymore, I've seen some mentions of 400F having the same problem and just confirmed myself, had to update a 401F pair from 7.0.12 to 7.0.14 to resolve another issue with conserve mode, now our performance is tanking.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.