Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Lucascat
New Contributor III

System link-monitor is not working after 5.6.11 upgrade

System link-monitor is not working as expected. When the gateway ping comes back up, the routes remains down anyway. I have to disable and re-enable link-monitor for that interface.

I have an open case with Fortinet

1 Solution
sw2090
Honored Contributor

I found a forum post referring the very same bug in v.5.2. So looks like if Fortinet brought back an old old bug in 5.6.11 :\

As back in 5.2 executig "exec router restart" temporarily fixes it until the next WAN outage.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

View solution in original post

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
21 REPLIES 21
PhilipAlexander
New Contributor

Hi,

 

I noticed the same problem on multiple firewalls after upgrading to 5.6.11.

 

We had an open case with Fortinet where they recommended to upgrade to 6.0.6 or 6.2.1 after they confirmed the problem wasn't affecting those FortiOS versions.

Lucascat

Upgraded to 6.0.6, as suggested, without problem. I confirm that now link-monitor is working.

sw2090

I ran into this on some FGT too. And I also openend a case wth FGT TAC.

 

They confirmed to me that there is known issues with SD-WAN healthcheck causing the behaviour I saw and the threadstarter reported. This reported in issue #576646 and #583247.

This is a 5.6.11 only issue accoarding to TAC.

Their solution is either to roll back to 5.6.10 or to upgrade to 6.0 or 6.2 even....

 

You can imagine that (as I have 20FGT to roll back or upgrade that are in productive use)  I am currently not really excited :\

This is pretty annoying to me :\

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
st3fan
New Contributor III

Hi Lucas

 

We are experiencing the same issue. I have received the following disappointing reply from Fortinet Support.

 

"I have checked our internal engineering tickets and indeed found this: 0576646 - dead health-check cannot recover until restart daemon lnkmtd. As there is no further 5.6 version planned after 5.6.11, the issue will not be fixed in 5.6 anymore. I feel sorry to say so, but to overcome the issue you would need to upgrade to 6.0.6 or 6.2.1."

 

I find this hard to believe. End of Engineering Support for FortiOS 5.6.11 only ends in March 2020. Have you had more luck with Support?

 

Thanks,

Stefan

Lucascat
New Contributor III

No, but I have upgraded to 6.0.6 without any issue

st3fan
New Contributor III

Ok, thanks for letting me know. Will give it a try.

kphed
New Contributor III

st3fan wrote:

Hi Lucas

 

We are experiencing the same issue. I have received the following disappointing reply from Fortinet Support.

 

"I have checked our internal engineering tickets and indeed found this: 0576646 - dead health-check cannot recover until restart daemon lnkmtd. As there is no further 5.6 version planned after 5.6.11, the issue will not be fixed in 5.6 anymore. I feel sorry to say so, but to overcome the issue you would need to upgrade to 6.0.6 or 6.2.1."

 

I find this hard to believe. End of Engineering Support for FortiOS 5.6.11 only ends in March 2020. Have you had more luck with Support?

 

Thanks,

Stefan

@st3fan - We were advised by our TAM this bug has been escalated for a fix in 5.6.x. 

 

@sw2090 - One can disable automatic routing update in the health settings < set update-static-route disable > but this would defeat the purpose of link-monitor/dead-gateway-detection all together.

sw2090
Honored Contributor

Glad to hear that it is to be fixed in 5.6 too.

yeah I feared this in case of sdiabling automatic routing update. That's whay i put that in question as workaround.

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
sw2090
Honored Contributor

@st3fan - We were advised by our TAM this bug has been escalated for a fix in 5.6.x. 

 

TAC today let me know that there is no plan for a fix in 5.6.11 up to now. So doesn't look like if this is going to happen.  Then only solution would be to upgrade to 6.0.6 or higher.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors