caunon
Staff
Article Id 189603
Description
This article describes how to fix a 25 Gigabit Ethernet connection between a FortiGate and a Cisco Nexus.

Scope
- FortiGate with a 25 Gigabit Ethernet interface.
- FortiGate using the Fortinet FN-TRAN-SFP28-SR transceiver to connect to the Cisco Nexus via fiber optic cable.
- Cisco Nexus with a 25 Gigabit Ethernet interface.
- Cisco Nexus using the Cisco SFP-10/25G-CSR-S transceiver to connect to the FortiGate via fiber optic cable.
- The connection between the FortiGate and the Cisco Nexus can be either a single interface or a link aggregation interface.

Solution
- When a FortiGate unit with a 25 Gigabit Ethernet interface is connected to a Cisco Nexus Ethernet interface with the default settings, the interface does not come up on either side.
- On the Cisco Nexus side, when a user tries to correct the setting on the 25 Gigabit Ethernet interface with:
# fec rs-ieee
the following error message can be shown:
"ERROR: FEC validation failed on ethX/Y due to incompatible configured speed or transceiver type"
(X/Y is your Cisco Nexus interface.)
- In that case, consider disabling FEC (forward error correction) on both sides.

Solution to fix the issue:

On the FortiGate:
# config system interface
    edit <interface name>
        set forward-error-correction disable           <----- (Enabled by default).
    next
end
On a FortiGate with a link aggregation interface:
# config system interface
    edit <portX>
        set forward-error-correction disable           <----- (Enabled by default).
    next
    edit <portY>
        set forward-error-correction disable           <----- (Enabled by default).
    next
end
(portX and portY are the members of the link aggregation interface.)

On the Cisco Nexus:
# conf terminal
# interface ethernet X/Y
# fec off
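
To confirm that FEC was disabled on every member of the link aggregation interface, and not only on one port, the check below reads a FortiOS configuration backup and lists the members that still have FEC on. It is an added example, not part of the original article or a Fortinet tool; the interface names (port25, port26, agg-nexus) and the sample backup are constructed, and it assumes the aggregate is defined with "set type aggregate" and "set member" lines.

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = """
config system interface
    edit "port25"
        set forward-error-correction disable
    next
    edit "port26"
        set alias "to-nexus"
    next
    edit "agg-nexus"
        set type aggregate
        set member "port25" "port26"
    next
end
"""

def parse_interfaces(config_text):
    """Return {interface: {setting: value}} from 'config system interface'."""
    interfaces, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:  # outside the section until its header is seen
            depth = 1 if line == "config system interface" else 0
        elif line.startswith("config "):  # nested block inside an interface entry
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = interfaces.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value
    return interfaces

def fec_not_disabled(config_text, aggregate):
    """Member ports of `aggregate` where FEC is not disabled. A missing setting
    counts as enabled, following the article's note that FEC is on by default."""
    ifaces = parse_interfaces(config_text)
    members = ifaces[aggregate].get("member", "").replace('"', "").split()
    return [p for p in members
            if ifaces.get(p, {}).get("forward-error-correction") != "disable"]

if __name__ == "__main__":
    print(fec_not_disabled(SAMPLE_CONFIG, "agg-nexus"))
```

An empty list means every member port of the aggregate carries the disable setting; any port that is listed still needs it applied.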
