- To resolve that, upgrade the downstream FortiGate to similar version of the root FortiGate which is 6.2.5 in this case.- Once done,this is on the root FortiGate security fabric status.- It is really important for all FortiGates on security fabric to be on the same version to established a good state on security fabric connectivity.Troubleshooting.
- This shows verbose logging on csfd (daemon responsible for security fabric).# diag debug app csfd -1- Other diagnostics shows the different state of security fabric.
# diag debug enable# diag test app csfd { integer value }- Also when encountering issues on security fabric it is important as well to check if there is any CSFD crash.
1. show stats
2. show plugin status
99. restart
10. show MAC cache status
11. show Slave MAC cache status
20. show FSA setting synchronization status
30. show cached downstream list
40. show slave mac sync status
50. Show Upstream Path.
51. Show list of pending downstream authorizations.
52. Show list of authorized downstream nodes.
60. show key info
80. show SAML cached entries for downstreams
81. delete SAML entries for fabric members.
82. delete and recreate SAML entries for fabric members.
83. Show config versions.# diag debug crashlog read
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.