packets randomly dropped by dst interface unknown issue
At one of our customers (yes still running on 5.0.12) we noticed more and more packet drops, caused by destination interface unknown messages in the logs. This happens on all their firewalls, on Port Channels, on dual gateways with same metric (ECMP is used) but we cannot pinpoint the cause. We think that there is a bug in the software.
We started a wireshark trace and we saw packets coming in but they cannot be routed.
Does anybody have had similar issues and found a solution?
What device are you using? Can you upgrade it a few revision higher and see if it still happens? I try not to be more than 2 releases back. With many vendors, they want you on the latest and greatest release to even talk to you.
Hi, the customer uses several FGT1200D, 1000C and 3950B clusters. It happens on all these devices.
We tried to push the customer already to allow us to upgrade all devices to higher software levels but they don't see the urgency (yet). There are factories (worldwide) running behind these devices that run 24/7 and that cannot afford any downtime is the reason.
Though we know that in the end, downtime needs to be reserved, since things will get worse more and more.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.