This quick post is to document an issue we’ve seen enough times to make this change part of our standard deployment.
Issue: New FortiGate installation seems to drop Comcast Internet connection for a minute periodically.
This isn’t a link monitor issue or anything complex. The problem comes down to some Comcast modems; other providers, I’m sure, have a similar issue.
When a FortiGate is deployed, the FortiGuard service uses port 53 for updates. When these impacted modems see non-DNS traffic on port 53, they reset the interface, which of course drops all connectivity, and from the user’s perspective the Internet goes down.
The quick fix, and part of our standard deployment now, is to change the port used by FortiGuard to 8888.
- Navigate to System > FortiGuard
- In the Filtering section click on 8888 and click OK
That’s it, it’s fixed, no more resets.
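To confirm the change across a set of saved configuration backups, the check below reads the port from the `config system fortiguard` block. It is an added example, not part of the original post or any Fortinet tooling; it assumes the usual backup layout with the port stored as `set port <n>` in that block, and the sample configs are constructed.

```python
import re

TARGET_PORT = "8888"  # the port this post standardises on

# Constructed sample backups (not taken from a real device).
SAMPLE_OLD = """\
config system global
    set hostname "branch-fw"
end
config system fortiguard
    set port 53
end
"""
SAMPLE_FIXED = SAMPLE_OLD.replace("set port 53", "set port 8888")
SAMPLE_UNSET = SAMPLE_OLD.split("config system fortiguard")[0]


def fortiguard_port(config_text):
    """Return the port set in 'config system fortiguard', or None if unset."""
    depth = 0  # 0 = outside the block, 1 = directly inside it, >1 = nested
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system fortiguard":
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1  # nested sub-table: ignore its settings
        elif line == "end":
            depth -= 1
            if depth == 0:
                return None  # block closed without a port line
        elif depth == 1:
            m = re.fullmatch(r"set port (\d+)", line)
            if m:
                return m.group(1)
    return None


def audit(config_text):
    """Classify one backup against the deployment standard."""
    port = fortiguard_port(config_text)
    if port is None:
        return "UNSET: firmware default applies, set the port explicitly"
    if port == TARGET_PORT:
        return "OK"
    return f"CHANGE: FortiGuard port is {port}, expected {TARGET_PORT}"
```

A backup with no explicit port is reported as UNSET rather than guessed at, because the effective value then depends on the firmware default.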