Filtering LinkStateUp and LinkStateDown on Extreme

I’ve just implemented this simple filter for Filtering LinkStateUp and LinkStateDown on Extreme Switches. I had an issue on an Extreme switch stack that required me to check the logs to see what had been going on. My problem is that the switch stack had filled the 1000 log buffer entries with linkstateup and linkstatedown events as users had come in to work and started up/shut down their PC’s. The simple fix here will allow filtering LinkStateUp and LinkStateDown on Extreme switches.

The below script also increases the log buffer from 1000 messages to 5000. This is great for Workstation/Edge switches, I’d recommend leaving these log messages for any Server/Core switches.
Read More

Adding an Extreme switch to an existing stack

A recent Extreme switch installation went without a hitch on installation weekend, and the Monday following we were there to support the client in the event of any issues. Luckily there weren’t any. However on the Tuesday we had a single stack member switch, an Extreme x460-48p, stop passing traffic to any users that were patched into this switch. We had the challenge of adding an Extreme switch to an existing stack.

Read More

Upgrade firmware in a FortiGate HA Cluster

A FortiGate cluster can have a firmware upgrade applied in a similar way as you would upgrade a single standalone FortiGate router. To upgrade firmware in a FortiGate HA cluster you simply download the Firmware image you wish to apply then log into the FortiGate and navigate to the System Information section on the Dashboard. In the System Information window the Firmware version is stated, next to this you can click Upgrade, select the downloaded firmware and click OK.

Read More

FortiGate reverting to Standalone mode when configuring HA

One of my colleagues got me to look at an issue he was having today with a FortiGate reverting to Standalone mode when configuring HA (High Availability) clustering in the GUI. He had checked the usual requirements – same firmware, same VDOM mode etc.

First thing I did was try to configure this via the CLI using:

config system ha
set mode a-p
end

When I noticed the set mode command was missing in the CLI.

It was then that I recalled this normally happens when an interface is configured for PPPoE or DHCP. In order to allow a FortiGate router to participate in HA all interfaces must be manually configured with IP Addressing. Sure enough, dmz2, an unused interface was configured for DHCP. Setting this to manual and leaving the ip of 0.0.0.0 on the interface then allowed us to finalise the HA configuration in the GUI.

Setting the timezone on a Fortigate router

Setting the timezone on a Fortigate router is important for correct NTP operation and is critical if you schedule a daily reboot of your Fortigate router. This can be set within the System Information section on the dashboard, or in the CLI. An example of setting the timezone via the CLI for New Zealand is below :

config system global
 set timezone 71
end

In order to do this you will need to know your timezone code and substitute it for 71 in the example above. A list of Fortigate timezones inuse on 4.0 MR3 patch 5 is below:
Read More