We had a Fortinet 110C in place for several years with our Comcast ISP Cable Modem connection. We replaced the 110C with a new 200D. Within several days the Comcast connection began to fail. We observed that the modem would actually reboot. Here's a list of things we've tried so far but we're still having problems.
- Replaced all power cables
- Replaced all network cables
- Ensured both devices are on UPS protection
- Comcast gave a new modem. No change
- Fortigate support tickets. Nothing definitive from them
- Turned off all non-essential UTM features on the 200D
- Numerous support tickets with Comcast and elevated ticket to District Manager
- Put the original 110C back in place. No problems with it
- RMA'd the original 200D for a new one and installed. Issues continue
We're running low on options. The last couple of things we plan to try are using a hard-coded connection speed on the Fortigate of 100Mb/Full. The auto-negotiate is 1000Mb.
We're also considering loading the 200D with older 5.2 firmware.
I have a suspicion that the 200D is sending some amount or type of data out the WAN that the Comcast modem can't handle and this is causing it to reboot but I need some method or information to support that.
Please let me know if you have any experience with this type of issue or suggestions. We've been fighting with this for several months now.
I did also post this on Spiceworks and received several replies/questions. Here is the second post I put over there to elaborate on those.
I do want to add a couple of details. I'm not our primary Network Engineer on this. This is at a client of ours and I am their Account Manager. The other wrinkle is there are full-time desktop support staff there but they are a two-hour drive (one-way) from our office.
Let me work through the posts and replies now.
Here's the current version. FG200D-5.04-FW-build1111-161220pmode=0:vdom=0
I think we had a slightly earlier version on initially.
Comcast hasn't shared any logs yet but we're asking for them.
There is just the single cable to the patch cable
I don't think we've tried disabling all the features. A challenge to that is the problem may take a day or two before cropping up.
Here's the current WAN1 configuration. We have an ATT DSL connection on WAN2 and do not see any issues there.
set vdom "root"
set ip NN.NNN.NNN.NNN 255.255.255.248
set allowaccess ping https ssh snmp
set vlanforward enable
set type physical
set alias "Comcast"
set role wan
set snmp-index 2
This 200D does not have the PoE feature.
We do intend to test adding a switch between the devices.
I will definitely check into the "wish port" factor.