Switch blocking uplink to FG80F after 6.4.9 update
Last night I updated my FortiGate 80F from 6.4.8 to 6.4.9 and immediately lost connection to the LAN. I could still ping the FortiGate from the internet side, so on a hunch I checked the switch (a UniFi 24PoE) and noticed the port the 80F is plugged into was blocked. Disabling STP on the port makes everything work again. I'm not sure if it's a Ubiquiti problem or a Fortigate problem, but it had been running fine on 6.4.8 for months. There's only one connection between the 80F and the switch. RSTP priority on the switches is set to 4096 on the 24PoE and 8192 on a couple of downstream switches. I skimmed the release notes for 6.4.9 and nothing stood out that might cause this kind of issue... any ideas?
This just took down our entire network. I can't find any mention of spanning tree in the release notes for 6.4.9, and a technical tip in 2020 claims that FortiGates don't participate in STP, but... apparently they do now? You can switch STP off on the FortiGate interface, and you should be back in business.
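The interface-level STP setting the reply above refers to, as an added FortiOS CLI example that is not from the original posts. It assumes FortiOS 6.4 exposes `set stp` under `config system interface`; the interface name `port1` is a placeholder for whichever port faces the UniFi switch.

```fortios
# Step 1: confirm whether STP is currently enabled on the uplink interface.
# Look for a "set stp enable" line in the output; its absence means the
# default (disabled) is in effect.
show system interface port1

# Step 2: turn STP off on that interface only, leaving every other
# interface and the switch-side RSTP configuration untouched.
config system interface
    edit "port1"
        set stp disable
    next
end

# Step 3: re-check the interface and watch the switch port leave the
# blocking state. Because this uplink is the single link between the
# 80F and the switch, disabling STP here does not remove loop protection
# elsewhere in the switched network.
show system interface port1
```

If the port stays blocked after this change, the cause is on the switch side rather than the FortiGate's BPDUs.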
@alif The issue in this case is not that STP is enabled (obviously, it is for this issue to occur). The issue is that STP was enabled (no config change) in 6.4.8, and did not cause this issue. So something about the 6.4.9 release changed STP functionality, and I don't see anything documented in the release notes. I am unsure if STP was just broken in 6.4.8, and 6.4.9 fixed it, or if some other change adjusted how STP determines if it believes there's a loop.
Fortinet needs to identify and document the related change.