I did the following:
- upgraded FMG to 7.0.11 while the FGT still were on 7.0.13 => everything still worked fine afterwards
- upgraded the FGT to 7.0.14 during the next night (scheduled) => since then FGT keep losing the connection to FMG when I deploy policy package or device config. Results in the deployment timing out after some time.
During a TAC session it helped to reboot FMG (and perform fsck on it with that) and then retrieving config of FGT and then deploy it. After this deploying of policy package worked fine until now.
Now just deployed the device config only on a FGT and it got disconnected from FMG again...
However they come back after some time...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
and both certificate in FMG and CAs on FGT are Fortinet Factory so cannot be modified by the user.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
We narrowed that down with TAC. It looks like if it is mainly an issue with FGT100F on 7.0.14 and FMG >= 7.0.11. Even upgrading FMG to 7.2 did not prevent it from happening. Its still escalated to the developers and pending a bugfix.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
it narrowed down to be an issue that only (at least on our side) affects the FGT100 Series. The issue never ever occured on FGT60 or FGT300 we also have.
Also the FMG Developer team has narrowed that down to be an issue on the FGT side (it is because the FGTs CAs are the culprit) and handed it over the the FGT Developer team now...
Also I got a Firmware Image from the developers that does some more debugging to get them more information. We'll see.
Will be on vacation until April 15th now but will keep you updated as Fortinet also has admitted that we are not their only customers that have this issue.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.