Hot!FortiGate 60E

Author
travisroth
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/02/20 12:57:01
  • Status: offline
2020/02/20 13:08:21 (permalink)
0

FortiGate 60E

I have a FortiGate 60E, brand new, V6.2.3 build1066 (GA).
 
If I plug my laptop (Mac with Gigabit network card) into interface Internal1 - it shows 1000Mbps/full duplex on the GUI and lights up green on the display nearly instantly.
 
If I plug either a Cisco or Engenius unmannaged Gigabit network switch into Internal1, it takes a few seconds to "light up", but when it does, it shows up as 100Mbps/Full Duplex and amber light. I have confirmed these switches are operating on gigabit and all devices plugged into them show 1000Mbps.
 
If I unplug the switch and plug the same laptop into the Internal1, it then shows only 100Mbps, until such time I physically reboot the FortiGate 60E. Then it goes back to 1000Mbps.
 
This issue will follow any port on the FortiGate except for WAN. My laptop always shows up 1000Mbps. Plug in gigabit switch, and the port goes to 100Mbps. Then the same laptop cannot connect on that port any faster than 100Mbps until a reboot.
 
Thoughts?
 
 
 
 
 
#1

6 Replies Related Threads

    simonorch
    Gold Member
    • Total Posts : 329
    • Scores: 14
    • Reward points: 0
    • Joined: 2009/06/05 00:05:08
    • Location: Norway
    • Status: offline
    Re: FortiGate 60E 2020/02/20 23:24:57 (permalink)
    0
    what happens if you set the port to 1000mbps full?
     
    do you get the same issue if you disable/enable the port?

    NSE8
    Fortinet platinum partner - Norway
    #2
    ede_pfau
    Expert Member
    • Total Posts : 6241
    • Scores: 522
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: FortiGate 60E 2020/02/21 03:50:26 (permalink)
    0
    I suggest you give up von v6.2 at the moment, and run v6.0.9. There are some issues to be sorted out, some of which pertain to MTU handling. Just a thought.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #3
    James_G
    Gold Member
    • Total Posts : 184
    • Scores: 5
    • Reward points: 0
    • Joined: 2016/02/28 02:55:47
    • Status: offline
    Re: FortiGate 60E 2020/02/21 04:13:47 (permalink)
    0
    Have you broken the internal switch into individual ports. First thing I do with new units.
    #4
    tioeudes
    Bronze Member
    • Total Posts : 38
    • Scores: 4
    • Reward points: 0
    • Joined: 2019/10/22 09:47:38
    • Status: offline
    Re: FortiGate 60E 2020/02/21 04:29:17 (permalink)
    0
    try to force the port speed to 1000full
     
    confyg system interface
    edit port xxx
    set speed 1000full
    end
     
    #5
    Dave Hall
    Expert Member
    • Total Posts : 1641
    • Scores: 174
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: FortiGate 60E 2020/02/21 07:57:21 (permalink)
    0
    You can perform a diag on the interface from the CLI using diag hardware deviceinfo nic <interface>

    eg. diag hardware deviceinfo nic internal1

    Output should be something similar to the following...

    Description        Fortinet 92D Ethernet Driver
    System_Device_Name    internal1
    Current_HWaddr        90:6c:ac:00:00:00
    Permanent_HWaddr    90:6c:ac:00:00:00
    State            up
    Link            up
    PHY Link        up
    Speed            1000
    Duplex            full
    port:             0
    def vid            4094
    cur_vid            4094
    netdev_running        1
    pci_rx        0
    Rx_Packets        341499              
    Tx_Packets        615994              
    Rx_Bytes        58315364            
    Tx_Bytes        220265980           

    What you are looking for is the duplex/speed value and any rx/tx errors or any errors for that matter.  If there are errors,  wait 2-3 mins then repeat the diag commands to see if the error counts increases. (This is assuming you have something plugged into that interface port.)

    Use show system interface internal1 to see how the internal1 port is configured.  (cmd will not show default values.)
     
    Use show full system interface internal1 to display the full configuration on internal1.  If duplex/speed is set, it should show up as "set speed <value>".
     
    You can force the duplex/speed on internal1 by using:
     
    config system interface
    edit "internal1"
    set speed 1000full
    next
    end


    To set the interface to auto negotiation, use:
     
    config system interface
    edit "internal1"
    unset speed
    next
    end
     
    It's been suggested to disable/enable the interface, which you can do from the CLI:
     
    config system interface
    edit "internal1"
    set status (up|down)
    next
    end


    If both sides of the connection is confirmed to be set to auto negotiation, I really find this problem odd - I suggest forcing the interface to 1000full then perform further testing - check via the diag cmds what that interface is reporting and/or disable/enable the interface and/or powercycle the switch. etc.

    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
    #6
    travisroth
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/02/20 12:57:01
    • Status: offline
    Re: FortiGate 60E 2020/02/25 11:37:31 (permalink)
    0
    Dave Hall
    You can perform a diag on the interface from the CLI using diag hardware deviceinfo nic <interface>

     
    Here is the output for the interface and the hardware switch. 
     
    Description     :FortiASIC NP6LITE Adapter
    Driver Name     :FortiASIC NP6LITE Driver
    Board           :60E
    lif id          :3
    lif oid         :67
    netdev oid      :67
    tx group        :0
    Current_HWaddr   e8:1c:ba:ec:27:d7
    Permanent_HWaddr e8:1c:ba:ec:27:d7
    ========== Link Status ==========
    Admin           :up
    netdev status   :up
    autonego_setting:0
    link_setting    :0
    speed_setting   :100
    duplex_setting  :1
    Speed           :100
    Duplex          :Full
    link_status     :Up
    ============ Counters ===========
    Rx Pkts         :1
    Rx Bytes        :60
    Tx Pkts         :0
    Tx Bytes        :0
    Host Rx Pkts    :1
    Host Rx Bytes   :46
    Host Tx Pkts    :0
    Host Tx Bytes   :0
    Host Tx dropped :0
    FragTxCreate    :0
    FragTxOk        :0
    FragTxDrop      :0
     
    RPM # diag hardware deviceinfo nic internal
    Description     :FortiASIC NP6LITE Adapter
    Driver Name     :FortiASIC NP6LITE Driver
    Board           :60E
    lif id          :12
    lif oid         :76
    netdev oid      :76
    tx group        :0
    Current_HWaddr   e8:1c:ba:ec:27:d7
    Permanent_HWaddr e8:1c:ba:ec:27:d7
    ========== Link Status ==========
    Admin           :up
    netdev status   :up
    autonego_setting:1
    link_setting    :1
    speed_setting   :1000
    duplex_setting  :1
    Speed           :1000
    Duplex          :Full
    link_status     :Up
    ============ Counters ===========
    Rx Pkts         :8199608
    Rx Bytes        :3228643786
    Tx Pkts         :8833945
    Tx Bytes        :4754641061
    Host Rx Pkts    :3253882
    Host Rx Bytes   :449029866
    Host Tx Pkts    :2449571
    Host Tx Bytes   :479060991
    Host Tx dropped :0
    FragTxCreate    :0
    FragTxOk        :0
    FragTxDrop      :0
    Member Ports    :
    		[00]: internal1
    		[01]: internal5
    		[02]: internal6
    		[03]: internal7
     
    When I try to force the interface to 1000, I get -61 error.
    (internal1) # set speed 1000full
     
    command parse error before 'speed'
    Command fail. Return code -61
     
    As the device is now in production, converting the interface1 to be standalone, like others have suggested instead of part of the switch, will take some afterhours time. 
     
    I have tried everything else suggested in this thread, from power cycling, to forcing 1000 (getting the -61 error).
     
    #7
    Jump to:
    © 2020 APG vNext Commercial Version 5.5