FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article explains hardware limitation for FortiGate model FG-92D. FortiOS 5.4.0 reported an issue with the FG-92D model in the Special Notices. FG-92D High Availability in Interface Mode section of the release notes. Those issues were related to the use of port 1 through 14, include:
- PPPoE failing, HA failing to form. - IPv6 packets being dropped. - FortiSwitch devices failing to be discovered. - Spanning tree loops may result depending on the network topology.
Solution FG-92D does not support STP. These issues have been improved in FortiOS 5.4.1, but with some side effects with the introduction of a new command, which is enabled by default:
#config global set hw-switch-ether-filter <enable | disable>
When the command is enabled: - ARP (0x0806), IPv4 (0x0800), and VLAN (0x8100) packets are allowed. - BPDUs are dropped and therefore no STP loop results. - PPPoE packets are dropped. - IPv6 packets are dropped. - FortiSwitch devices are not discovered. - HA may fail to form depending the network topology.
When the command is disabled: - All packet types are allowed, but depending on the network topology, an STP loop may result.
