network outage after fgt and fortiswitch are in place

unnamed
2020/01/29 07:41:24 (permalink) 6.0

Hello,
 
I have a very strange situation.
I installed a FGT-51E and FSW-124E-FPOE with 6.2.3...
Since these systems have been running, users are reporting that they are sometimes kicked out of the network. RDP sessions are closed, programs which are running on the server are closed, etc. And that is happening while they are working.
Very strange. I configured a ping test and during the "outage" the ping did not stop.
I have no idea how to check what could be the root cause for that.
 
I configured two VLANs (office and server) and assigned them as native VLAN on the switch. Is this the correct way to do that?
On the firewall there is a policy which allows the traffic without any restrictions.
#1

    M.M.SW
    Re: network outage after fgt and fortiswitch are in place 2020/02/03 00:01:52 (permalink)
    Recommended: use FortiOS 6.0.9 and SwitchOS 6.2.3
    because of Resolved Issues:
    592111: FortiSwitch shows offline; CAPWAP response packet getting dropped/failed after upgrading from 6.2.2.
    #2
    bmduncan34
    Re: network outage after fgt and fortiswitch are in place 2020/02/06 06:15:41 (permalink)
    I believe you need to leave your native vlan (vlan1) alone in that Native VLAN field, and add the appropriate vlan (Office or Server) in the Allowed VLANs field. 
    #3
    unnamed
    Re: network outage after fgt and fortiswitch are in place 2020/02/07 01:37:37 (permalink)
    Very strange situation.
    I had configured the AD collector, and after we disabled it the connection is now stable. I have no idea why the collector caused such network issues.
     
    Thanks for the help.
    #4
    MikePruett
    Re: network outage after fgt and fortiswitch are in place 2020/02/09 10:54:31 (permalink)
    What interface was the AD Collector using? If you provide more details, we can probably see what's up.
    #5
    unnamed
    Re: network outage after fgt and fortiswitch are in place 2020/02/09 12:45:55 (permalink)
    Sorry, a correction.
    I configured AD server polling (I am not sure if that is the same as AD collector). There was no option to configure an interface.
    #6
    Jirka
    Re: network outage after fgt and fortiswitch are in place 2020/02/09 13:21:04 (permalink)
    Hello,


    How many users / groups does your domain have?
    I also tried AD collector on a small domain (about 30 users and FGT81E). And there was a very large increase in CPU load and traffic to/from DC.
    I set up a ticket then and it was explained to me:
     
    The behavior you have described is rather normal, as your FortiGate has to download all Windows event logs every few seconds and parse through them. The more event logs there are on your Domain Controllers, the more resources will be consumed on your FortiGate as, unfortunately, this process is very intensive on resources. For this very reason, we provide the FSSO Collector Agent, which can be installed on your Domain Controllers or any other domain-joined PC and which will do the CPU-intensive tasks for you. This is the recommended approach, as the most CPU-intensive tasks will be performed by your Windows Servers while your FortiGate can concentrate on traffic-related tasks.

    Recommended resources:
    FSSO cookbook: https://cookbook.fortinet...-advanced-mode-expert/
    FSSO Agent modes: http://help.fortinet.com/...entication-54/FSAE.htm
    FSSO Collector Agent download: https://support.fortinet....ad/FirmwareImages.aspx >> / FortiGate/ v6.00/ 6.0/ 6.0.2/ FSSO/
    FortiOS Admin guide: https://docs.fortinet.com...ager-6.0.1-admin-guide >> Section "Agent-based FSSO"
     
    So I went back to the proven model: DC Agent + Collector.
     
    Jirka
    #7
    unnamed
    Re: network outage after fgt and fortiswitch are in place 2020/02/13 01:21:13 (permalink)
    We are talking about just 5 users...
    CPU load was always stable and not high.
     
    Maybe it's a bug or so.
     
    #8
    romanr
    Re: network outage after fgt and fortiswitch are in place 2020/02/13 23:58:05 (permalink)
    Hi,
     
    There is a known bug in FortiOS 6.0.8, 6.0.9 and 6.2.3 which will randomly drop sessions when FSSO is being used.
     
    Bug ID 582265
    There are interim builds available, so better create a support case!
     
    Br
    Roman
    #9