Fortigate firmware version is v7.2.6.

Unfortunately we couldn't get any logs from FG and Cisco because specialized persons were not present at that time. Only thing we can do is restarting the FG. After restart everything was fine.

Once the problem occurs there was stock transceivers . Current information of this transceiver is as follows;

Interface port25 - SFP/SFP+/SFP28, 10GBASE-SR
Diagnostics : Implemented
Vendor Name : OEM
Part No. : SFP-10G-SR-LL
Serial No. : 202009281816
Measurement Unit Value High Alarm High Warning Low Warning Low Alarm
------------ ------------ ------------ ------------ ------------ ------------ ------------
Temperature (Celsius) 31.6 90.0 85.0 -5.0 -10.0
Voltage (Volts) 3.37 3.60 3.50 3.00 2.90
Tx Bias (mA) 6.89 15.00 13.00 2.00 1.00
Rx Power (dBm) -40.0 -- 5.0 3.0 -15.0 -17.0
Tx Power (dBm) -2.6 4.0 3.0 -8.0 -9.0
++ : high alarm, + : high warning, - : low warning, -- : low alarm, ? : suspect.

Some figures are not within the limits. Both of the transceivers were stock transceivers. This can be the cause of the problem ?

Thanks AEK,

We may think to drop LACP because the impact is quite high. But that time there are too many Firewall policy rules using wan1 ( LAG interface name ) . Is there a way keeping this wan1 interface and rules by dropping the LACP.

Thanks Again

Actually i forgot the mention the SD-WAN definition.

LAG interface name wan1 is used in the SD-WAN definition , which has wan1 and wan2 . wan2 is not used , there is no physical connection for wan2.

the SD-WAN name ( WAN ) is used in all of the Firewall policy rules.

Thanks a lot, i will try this.