Do you have FortiSwitches that do not accept configuration changes made on the FortiGate switch controller? Also, when you run the CLI command ‘execute switch-controller get-conn-status’, do you see the ‘flag’ with a value of ‘E’?
FGT01 # execute switch-controller get-conn-status
Managed-devices in current vdom root:
FortiLink interface : fortilink
SWITCH-ID VERSION STATUS FLAG ADDRESS JOIN-TIME SERIAL
Switch-A v7.4.2 (801) Authorized/Up 2E 10.10.10.1 Fri Jul 19 14:17:21 2024 S648FN1X12345678
Switch-B v7.4.2 (801) Authorized/Up 2E 10.10.10.2 Fri Jul 19 12:26:19 2024 S648FN1X12345679
Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 2=L2, 3=L3, V=VXLAN, T=tunnel, X=External
Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 24)
Try to execute the CLI command “execute switch-controller get-sync-status all”. You may also have the error “REST API login failed with error 60” visible there:
FGT01 # execute switch-controller get-sync-status all
Managed-devices in current vdom root:
FortiLink interface : fortilink
SWITCH-ID (SERIAL) STATUS CONFIG MAC-SYNC HTTP-UPGRADE
Switch-A (S648FN1X12345678) Up Error Error -
[1]
command: https://10.10.10.1:443/api/v2/login
payload:
result : REST API login failed with error 60
Switch-B (S648FN1X12345679) Up Error Error -
[1]
command: https://10.10.10.2:443/api/v2/login
payload:
result : REST API login failed with error 60
We have seen several instances of this problem under FortiOS 7.4.4 and you may also be one of the affected customers.
Please try to downgrade your FortiOS to FortiOS 7.4.3 and let us know if this solves your problem.
Currently, this issue is not documented yet in the release notes of FortiOS 7.4.4. But apart from our cases, we have seen some other customers facing the same issue here and here.
Let us know in the comment section if you face the same problem and if you were able to solve it. Also, please let us know if you find another solution.
