
Change of FortiGuard Filtering Port to mitigate Internet link flaps

I have a friend that has some FortiGates at his business. I have been helping him troubleshoot some random WAN1 port flapping issues. Well, after doing some research and looking through the documentation I found the below from Fortinet. Guess what internet provider he uses…..you’re right….COMCRAP….I mean, Comcast.

Some modems, Comcast for example, are known to drop the network connection or reboot if they receive non-DNS traffic on UDP port 53, which is the well-known DNS port but which is also used to connect to the FortiGuard service.

An example of log messages that can be observed in logs on FortiGate is shown below:

date=2099-05-03 time=17:12:50 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=UP msg="Link monitor: Interface wan1 was turned up"
date=2099-05-03 time=17:12:47 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=DOWN msg="Link monitor: Interface wan1 was turned down"

Note that the Link Monitor feature does not need to be configured; this log message will appear in the logs each time the physical link is lost.

This cause can be confirmed by connecting a switch between the FortiGate and a modem.

If the switch has logging functionality then the interface facing the FortiGate will be stable while the interface connected to a modem will be flapping.

The workaround is to use port 8888 for FortiGuard. This can be changed from the GUI or the CLI.

GUI

System > FortiGuard > Filtering

Select 8888 as “FortiGuard Filtering Port”

CLI

config system fortiguard
    set port 8888
end
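As an added example (not from this post or from Fortinet), a small Python script that parses the key=value event-log format quoted above, counts completed DOWN/UP cycles per interface so repeated wan1 flaps stand out, and checks a FortiOS CLI snippet for the `set port 8888` setting. The sample log lines (including a wan2 link that never comes back up) and the config text are constructed; FortiGate lists log records newest-first, so the parser sorts them before pairing DOWN with UP.

```python
import re
from datetime import datetime

# Constructed sample in the FortiOS key=value event-log format quoted above
# (timestamps invented; listed newest-first, the order FortiGate displays them).
SAMPLE_LOG = """\
date=2099-05-03 time=17:20:04 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=UP msg="Link monitor: Interface wan1 was turned up"
date=2099-05-03 time=17:20:01 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=DOWN msg="Link monitor: Interface wan1 was turned down"
date=2099-05-03 time=17:12:50 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=UP msg="Link monitor: Interface wan1 was turned up"
date=2099-05-03 time=17:12:47 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=DOWN msg="Link monitor: Interface wan1 was turned down"
date=2099-05-03 time=16:00:00 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=DOWN msg="Link monitor: Interface wan2 was turned down"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')      # key=value or key="quoted value"
IFACE_RE = re.compile(r"Interface (\S+) was turned")

def parse_line(line):
    """Turn one key=value log line into a dict with the surrounding quotes removed."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def link_events(log_text):
    """Return (timestamp, interface, status) for interface-stat-change records, oldest first."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        m = IFACE_RE.search(rec.get("msg", ""))
        if rec.get("action") != "interface-stat-change" or not m:
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(1), rec["status"]))
    return sorted(events)

def flap_cycles(log_text):
    """Count completed DOWN->UP cycles per interface; a link that is still down is not a cycle."""
    cycles, down_since = {}, {}
    for ts, iface, status in link_events(log_text):
        if status == "DOWN":
            down_since[iface] = ts
        elif status == "UP" and down_since.pop(iface, None) is not None:
            cycles[iface] = cycles.get(iface, 0) + 1
    return cycles

def fortiguard_port(config_text):
    """Port from a 'config system fortiguard' block, or None if the block does not set one."""
    block = re.search(r"config system fortiguard\n(.*?)\nend", config_text, re.S)
    m = re.search(r"^\s*set port (\d+)\s*$", block.group(1), re.M) if block else None
    return int(m.group(1)) if m else None

if __name__ == "__main__":
    print("DOWN/UP cycles per interface:", flap_cycles(SAMPLE_LOG))
```

Run it against a `show system fortiguard` dump and an exported event log: an interface with several cycles while `fortiguard_port` is not 8888 is the situation the workaround above addresses.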