Have two Fortigate 60F firewalls in Active/Passive HA. Previously had just 1 that was working as expected. Now, it seems as if one of the firewall policies just randomly stops working. We have a policy to allow inbound udp/tcp traffic on two ports. They work fine for a bit, then it seems like 30-40 minutes after a firewall reboot they just stop forwarding traffic or receiving traffic at all. Rebooting the primary firewall causes the traffic to start flowing again. Sometimes it spontaneously starts passing traffic again after a couple of hours.

Shutting off the primary firewall and running it on the original firewall that was in before also causes the same issue.

The set up is 2 internet providers coming into a dumb switch, then the dumb switch plugs all the necessary ports into the two firewalls.

I’m trying to relay this as a third party so I may be missing some details, but any pointers would be greatly appreciated!

Posted by walruscaptain on 2025-02-07
What FortiOS are you on? There are plenty of reported bugs in the past, and probably still with certain revs, where things like DoS policies or Traffic Shaping policies have caused issues, etc. Figuring out the release you are on, then looking at the release notes and bug reports, will help see if you are suffering from a known issue. This could also be a memory leak or something resource related as well, so during those times of issue, are you seeing high CPU or memory usage, for example?

Also, I would be remiss if I did not mention that a TAC case with Fortinet will probably get you quicker results since you are experiencing disruptions.

Posted by rogergaudet on 2025-02-07 (https://community.spiceworks.com/t/fortigate-firewall-udp-traffic/1172803/2)
We aren’t seeing any high CPU/Memory usage during the times before/during/after the issue occurs.

We are getting ready to open a case right now.

We are on 7.4.7

Posted by walruscaptain on 2025-02-07 (https://community.spiceworks.com/t/fortigate-firewall-udp-traffic/1172803/3)
Saw this in a Reddit thread about 7.4.7, and someone responded about bug ID 1057131, where a FortiGuard update can cause the system to not operate as expected if the FortiGate is already in conserve mode, but others have reported similar to what you are mentioning in that thread, so you might want to read through it.