Intermittent Connectivity¶
Symptom: internet works sometimes, drops for seconds-to-minutes, then comes back. Not a hard failure; specific times of day, or on specific apps.
Most Likely Causes¶
- WAN link quality — your ISP is the problem; intermittent loss.
- SD-WAN flapping — SLA thresholds too tight; member oscillates in/out.
- DHCP renewal — WAN gets DHCP from ISP; renewal hiccup.
- DNS resolver hiccups — primary DNS slow / intermittent.
- Firewall session timeouts — long-idle sessions evicted, app reconnects.
- PoE / hardware — overloaded switch starves devices.
Diagnose¶
# Long-running ping with stats:
execute ping-options repeat-count 1000
execute ping 8.8.8.8
# Check for ISP issues over time — sustained ping from FortiGate:
execute ping-options view-settings
execute ping-options interval 1
execute ping-options repeat-count 600
execute ping 8.8.8.8
Lost packets in batches = ISP / WAN issue.
Check SD-WAN flap history¶
diagnose sys sdwan health-check
diagnose sys sdwan service
Frequent state changes = SLA tuning needed.
Check interface drops¶
get system interface physical
# Look for drop counts and CRC errors growing.
diagnose hardware deviceinfo nic <interface>
# Detailed NIC stats: collisions, runt frames, misalignment.
CRC errors / runt frames = bad cable, bad SFP, or speed/duplex mismatch.
Check system log for events¶
Log & Report → System Events — filter for "link," "interface," "sdwan."
Fixes by Cause¶
WAN link bad¶
- Document the loss (ping logs).
- Call ISP with the data. They usually need objective measurement.
- Use SD-WAN with second WAN as backup.
SD-WAN flap¶
- Tighten failure detection: more failures-before-down, longer recovery time.
- See Configure Failover Behavior.
DHCP renewal¶
# Force renewal:
execute interface dhcpclient-renew <interface>
Set a static IP if your ISP allows.
DNS issues¶
Configure two reliable resolvers (Cloudflare + Google), not the ISP's defaults.
Hardware¶
Replace cable, swap SFP, force-set speed instead of auto-negotiate.