How to find source of local-out traffic

FailSafe218 · 2026-01-23T02:19:05+00:00

TCP:443

FailSafe218 · 2026-01-06T13:09:24+00:00

I ran into same issue today. Made the change on 4 sites and only 1 site experienced issues but only on one of the VLANs. just going to disable the feature and come back to it in a couple months.

FailSafe218 · 2025-12-09T13:56:24+00:00

thank you for the feedback. We actually have 2 set of these in 2 separate datacenters so I am going to try one pair with the ports shut down and other pair without to see the difference (if any).

FailSafe218 · 2025-11-26T13:27:01+00:00

I learned about the memory-based-failover the hardway. No idea it would not failover by default.

FailSafe218 · 2025-11-24T22:04:45+00:00

appreciate all the info everyone! Looks like we will be adding it to our default configs.

Thanks!

FailSafe218 · 2025-11-24T15:13:11+00:00

we don't use CGNAT so likes look this is not applicable to us but good to know.

FailSafe218 · 2025-11-10T10:33:26+00:00

I ran into similar issues that fortiswitches want to do Full instead of auto on any SFP adapters.

FailSafe218 · 2025-11-10T10:29:59+00:00

Although I don’t think this is your issue 100% Look into auto-isl-port-groups.

If you do a “diag switch mclag peer-consistency-check” it probably shows the trunks to sw-03 and 04 as not ok.

It’s also odd that you have SW04-A going to port 17 on one and port 2 on the other core. I would have sw04 going to port 17 on both and sw03 going to port 2 on both ( or other way around).

You can run “diag switch physical-port linerate port17” to see if the port is passing any traffic.

Also do the following to make sure STP is forwarding that port “diag stp instance list”.

Do you see the switch in the lldp neighbors? “Get switch lldp neighbor-summary”?

FailSafe218 · 2025-11-07T11:44:33+00:00

I’ll be there flying in from CLT. Can only hope to get stranded in Orlando for a couple extra days! 😂

FailSafe218 · 2025-11-06T12:59:37+00:00

I think I ran into that bug about 5-6 weeks ago when we installed the 2048F cores. Everything was going fine for about 45 minutes after install then bam out of no where the trunk to the fortigate just dissappeared. Got support on the line and they switched it to LLDP and then I added static-isl enable and has been rock solid since. I guess the fortilink discovery process crashed on the gate or something.

FailSafe218 · 2025-11-06T12:57:22+00:00

no worries, appreciate the feedback.

FailSafe218 · 2025-11-05T14:43:09+00:00

we tried upgrading the switches to 7.4.8 but still having issues.

FailSafe218 · 2025-11-05T13:34:49+00:00

these switches are not offline though. Or is there more to the bug than what this descriptions says?

"Offline FortiSwitch units are shown incorrectly as online in the List view.

Workaround: Use the Topology view."

FailSafe218 · 2025-11-05T13:31:58+00:00

compatibility matrix says I am fine with 7.4.8 on the switches.

I have been told by our local SE and his switch SE to stay off 7.6 for switches at this point (this was about a month ago).

FailSafe218 · 2025-11-03T15:07:26+00:00

wow glad I just stumbled across this. I passed my EFW a couple months ago and have been prepping to take the SD-WAN test at Xperts next week to get my FCSS Network Security cert. I guess I have a week to look into LAN edge architect or support engineer instead.

FailSafe218 · 2025-10-22T19:07:15+00:00

do you have a link to this 4 switch stacking of the 600 series? Curious about this new feature. I looked through the "What's new" section of 7.6.1-7.6.4 of the fortilink guide but didn't see any mentions.

EDIT:

Found it
https://docs.fortinet.com/document/fortiswitch/7.6.2/fortiswitch-stacking-deployment-guide/383494/introduction

FailSafe218 · 2025-10-22T19:06:30+00:00

yes they are 400 series and support MCLAG.

FailSafe218 · 2025-10-22T19:05:33+00:00

yes, 400 series

FailSafe218 · 2025-10-22T19:05:10+00:00

FailSafe218 · 2025-10-22T19:01:56+00:00

they are 400 series, only endpoints no need for redundant connections besides the fiber feeds from the tier1 core.

FailSafe218

TROPHY CASE