Helpful ReplyHot!System link-monitor is not working after 5.6.11 upgrade

Author
Lucascat
Silver Member
  • Total Posts : 75
  • Scores: 6
  • Reward points: 0
  • Joined: 2004/09/10 10:11:41
  • Status: offline
2019/09/14 07:27:52 (permalink)
0

System link-monitor is not working after 5.6.11 upgrade

System link-monitor is not working as expected.
When the gateway ping comes back up, the routes remains down anyway.
I have to disable and re-enable link-monitor for that interface.
I have an open case with Fortinet
#1
PhilipAlexander
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/17 01:56:38
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/09/17 02:01:14 (permalink)
0
Hi,
 
I noticed the same problem on multiple firewalls after upgrading to 5.6.11.
 
We had an open case with Fortinet where they recommended to upgrade to 6.0.6 or 6.2.1 after they confirmed the problem wasn't affecting those FortiOS versions.
#2
Lucascat
Silver Member
  • Total Posts : 75
  • Scores: 6
  • Reward points: 0
  • Joined: 2004/09/10 10:11:41
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/09/17 22:52:00 (permalink)
0
Upgraded to 6.0.6, as suggested, without problem.
I confirm that now link-monitor is working.
#3
st3fan
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/01/20 06:29:04
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/09/26 07:03:34 (permalink)
0
Hi Lucas
 
We are experiencing the same issue. I have received the following disappointing reply from Fortinet Support.
 
"I have checked our internal engineering tickets and indeed found this: 0576646 - dead health-check cannot recover until restart daemon lnkmtd. As there is no further 5.6 version planned after 5.6.11, the issue will not be fixed in 5.6 anymore. I feel sorry to say so, but to overcome the issue you would need to upgrade to 6.0.6 or 6.2.1."
 
I find this hard to believe. End of Engineering Support for FortiOS 5.6.11 only ends in March 2020. Have you had more luck with Support?
 
Thanks,
Stefan
#4
Lucascat
Silver Member
  • Total Posts : 75
  • Scores: 6
  • Reward points: 0
  • Joined: 2004/09/10 10:11:41
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/09/26 07:10:03 (permalink)
0
No, but I have upgraded to 6.0.6 without any issue
#5
st3fan
New Member
  • Total Posts : 8
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/01/20 06:29:04
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/09/26 08:18:14 (permalink)
0
Ok, thanks for letting me know. Will give it a try.
#6
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/10/24 07:23:47 (permalink)
0
I ran into this on some FGT too. And I also openend a case wth FGT TAC.
 
They confirmed to me that there is known issues with SD-WAN healthcheck causing the behaviour I saw and the threadstarter reported. This reported in issue #576646 and #583247.
This is a 5.6.11 only issue accoarding to TAC.
Their solution is either to roll back to 5.6.10 or to upgrade to 6.0 or 6.2 even....
 
You can imagine that (as I have 20FGT to roll back or upgrade that are in productive use)  I am currently not really excited :/
This is pretty annoying to me :/
#7
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/10/24 07:42:46 (permalink)
0
Maybe it could be some kind of workaround to disable the autmatic routing update in the health check settings. Then the routes would not go down on case of outage. The question on this would then be what happens to sdwan traffic then?
#8
muhkida
New Member
  • Total Posts : 18
  • Scores: 5
  • Reward points: 0
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/10/24 14:52:24 (permalink)
0
st3fan
Hi Lucas
 
We are experiencing the same issue. I have received the following disappointing reply from Fortinet Support.
 
"I have checked our internal engineering tickets and indeed found this: 0576646 - dead health-check cannot recover until restart daemon lnkmtd. As there is no further 5.6 version planned after 5.6.11, the issue will not be fixed in 5.6 anymore. I feel sorry to say so, but to overcome the issue you would need to upgrade to 6.0.6 or 6.2.1."
 
I find this hard to believe. End of Engineering Support for FortiOS 5.6.11 only ends in March 2020. Have you had more luck with Support?
 
Thanks,
Stefan


@st3fan - We were advised by our TAM this bug has been escalated for a fix in 5.6.x. 
 
@sw2090 - One can disable automatic routing update in the health settings < set update-static-route disable > but this would defeat the purpose of link-monitor/dead-gateway-detection all together.
#9
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/10/24 23:15:58 (permalink)
0
Glad to hear that it is to be fixed in 5.6 too.
yeah I feared this in case of sdiabling automatic routing update. That's whay i put that in question as workaround.
 
#10
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/10/28 00:42:45 (permalink) ☄ Helpfulby muhkida 2019/10/28 06:45:24
0
I found a forum post referring the very same bug in v.5.2. So looks like if Fortinet brought back an old old bug in 5.6.11 :/
As back in 5.2 executig "exec router restart" temporarily fixes it until the next WAN outage.
#11
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/10/30 01:55:29 (permalink)
0
@st3fan - We were advised by our TAM this bug has been escalated for a fix in 5.6.x. 
 
TAC today let me know that there is no plan for a fix in 5.6.11 up to now. So doesn't look like if this is going to happen.  Then only solution would be to upgrade to 6.0.6 or higher.
#12
tioeudes
New Member
  • Total Posts : 14
  • Scores: 2
  • Reward points: 0
  • Joined: 2019/10/22 09:47:38
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/10/30 12:14:22 (permalink)
0
Same thing here. It happened before when upgraded from 5.2 to 5.4.
As usual, nothing on the release notes.
#13
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/11/07 02:41:41 (permalink)
0
New Info I just received from TAC:
 
"Just a quick update - this bug has been escalated by internal management to be backported to be fixed in 5.6 There hasn't been any confirmation whether or not this has been approved, but I wanted to inform you from our end we are trying to make this happen."
#14
muhkida
New Member
  • Total Posts : 18
  • Scores: 5
  • Reward points: 0
  • Status: offline
Re: System link-monitor is not working after 5.6.11 upgrade 2019/11/08 07:43:25 (permalink)
0
sw2090
New Info I just received from TAC:
 
"Just a quick update - this bug has been escalated by internal management to be backported to be fixed in 5.6 There hasn't been any confirmation whether or not this has been approved, but I wanted to inform you from our end we are trying to make this happen."


We heard something similar from our TAM as well.  Now, the wait begins...
#15
Jump to:
© 2019 APG vNext Commercial Version 5.5