FortiGate hardware limitation

The FortiOS 5.4.0 release notes reported issues with the FG-92D model in the Special Notices > FG-92D High Availability in Interface Mode section. Those issues, which are related to the use of ports 1 through 14, include:

  • PPPoE failing, HA failing to form.
  • IPv6 packets being dropped.
  • FortiSwitch devices failing to be discovered.
  • Spanning tree loops may result depending on the network topology.

FG-92D does not support STP. FortiOS 5.4.1 improves on these issues by introducing a new command, which is enabled by default, but the command has some side effects:

config global

set hw-switch-ether-filter <enable | disable>

When the command is enabled:
  • ARP (0x0806), IPv4 (0x0800), and VLAN (0x8100) packets are allowed.
  • BPDUs are dropped and therefore no STP loop results.
  • PPPoE packets are dropped.
  • IPv6 packets are dropped.
  • FortiSwitch devices are not discovered.
  • HA may fail to form depending on the network topology.
When the command is disabled:
  • All packet types are allowed, but depending on the network topology, an STP loop may result.
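
The following Python example is added here and is not Fortinet code. It models the enabled filter as an allowlist on the outer EtherType so that captured frames can be checked for traffic that would be dropped on ports 1 through 14. The IPv6, PPPoE and BPDU identifiers are the standard values; treating every frame outside the three allowed types as dropped (including 802.3/LLC frames) and matching only the outer type of VLAN-tagged frames are assumptions of this model.

```python
import struct

# EtherTypes the page lists as allowed while hw-switch-ether-filter is enabled.
ALLOWED = {0x0806: "ARP", 0x0800: "IPv4", 0x8100: "VLAN"}
# Standard EtherTypes for traffic the page lists as dropped.
DROPPED_NAMES = {0x86DD: "IPv6", 0x8863: "PPPoE discovery", 0x8864: "PPPoE session"}
STP_LLC_SAP = 0x42  # 802.2 LLC DSAP/SSAP used by spanning tree BPDUs


def classify(frame: bytes):
    """Return (verdict, protocol) for one Ethernet frame (no FCS). Assumed model."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    if type_or_len <= 1500:
        # 802.3 length field: the payload starts with an LLC header (DSAP, SSAP).
        is_bpdu = len(frame) >= 16 and frame[14] == frame[15] == STP_LLC_SAP
        return ("drop", "STP BPDU" if is_bpdu else "802.3/LLC")
    if type_or_len in ALLOWED:
        return ("allow", ALLOWED[type_or_len])
    return ("drop", DROPPED_NAMES.get(type_or_len, f"0x{type_or_len:04x}"))


def audit(frames):
    """Count, per protocol, the frames the enabled filter would drop."""
    dropped = {}
    for f in frames:
        verdict, proto = classify(f)
        if verdict == "drop":
            dropped[proto] = dropped.get(proto, 0) + 1
    return dropped


def make_frame(ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed sample frame with placeholder MAC addresses."""
    macs = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
    return macs + struct.pack("!H", ethertype) + payload


# Constructed sample traffic, not a real capture.
SAMPLES = [
    make_frame(0x0800), make_frame(0x0806), make_frame(0x86DD), make_frame(0x8863),
    make_frame(0x8100, struct.pack("!HH", 10, 0x86DD) + b"\x00" * 42),  # IPv6 in VLAN 10
    make_frame(0x0026, b"\x42\x42\x03" + b"\x00" * 35),  # 802.3 length 38, LLC BPDU
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A non-empty result from `audit` on traffic taken from ports 1 through 14 indicates protocols that will stop working while the filter is left at its default.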
