What is the connection between a factory reset and forticron?
We had a 60D running 5.2.8 suddenly go offline and in FAZ the last system log events were:
User reset to the factory settings from forticron
User rebooted the device from forticron. The reason is 'factory reset'
what i know is that it wasn't done via FMG and the box wasn't rebooted so it can't have been the reset button.'
Any ideas
Simon
NSE8
Fortinet Expert partner - Norway
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I experienced this same behaviour with another customer, also a 60D on 5.2.X and also a FMG managed box.
I know for sure they only rebooted the box.
NSE8
Fortinet Expert partner - Norway
Hi Simon
Did you manage to identify how this happened?
I know this is years later but i have experienced this recently on a 60E. 6.4.5
Have checked all the logs on fortimanager and forticloud and i only see that forticron has initiated the factory reset.
The firewall was going in and out of conserve mode, then just seemed to factory reset itself.
Just had the same thing last week on a 60D and again this morning. I have a 60F that I am going to get the config file converted for and decommission the 60D. Did you figure out the issue or run into it again?
Good Day,
Thank you for using the Community Forum.
Forticron is the process responsible for scheduling the tasks.
If forticron is causing high CPU /memory we have to check further on the FOS firmware version,memory/CPU logs.
Kindly update the below logs along with the current FOS version.
Below logs are useful for further review:
#diagnose sys top-mem
#get system status
#diag sys top all-summary
#get system performance status
#diag sys top 1 40 (Run for 30 Sec and CTRL C to stop)
#diag sys top-summary (Run for 30 Sec and CTRL C to stop)
#diagnose autoupdate versions
#diagnose autoupdate versions | grep -A2 "IPS"
#diagnose hardware sys shm
#diag hard sys mem
#diag sys mpstat
# diagnose sys top-all
#diag hard sys slab
#diag sys session stats
#diag sys session full-stat
#di de crashlog read | grep 2022
#diag firewall statistic show
#diag sys top-fd
#diag sys top-mem
#diag sys top-sockmem
#diag sys top-all
#diagnose hardware sysinfo conserve
#diag debug report
#diag deb config-error-log read | grep 2022
Thanks,
Feroz
I opened a ticket with Fortinet support. Supplied the logs from Fortimanager and Forticloud. There is no where to show the factory reset was initiated by a user.
Fortinet has issued an RMA to replace the firewall as there was no conclusion why it reset.
On version 6.4.5, we will look to upgrade the firmwares on all our firewalls soon.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.