Lost packets between Cisco 9500 (Meraki monitoring) and Fortinet

Solved
AntoineBAK
Here to help

Hello,

I have 9500 core switches connected to a FortiGate 600F.

The FortiGate owns layer 3.

When there are just a few devices connected, all is working well.

However, with more clients connected (around 1,000), we start to lose packets and the clients encounter disconnections, especially towards Zscaler.

9500 version: 17.9.2

 

Did you see issues in the past between the 9500 and Fortinet?

Can you please help me to understand?

 

Thanks,

 

Antoine B

1 Accepted Solution
Mloraditch
Kind of a big deal

9500s can only be Meraki monitored, so you may want to post over in the main community.cisco.com forum if you aren't able to open a support case with either or both vendors.

 

With Full IOS-XE capabilities there could be scenarios and settings that most of us aren’t familiar with.

 

We can certainly try to assist if the Meraki Monitoring is offline but otherwise we may not be of much help.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

alemabrahao
Kind of a big deal

Are you using a GRE tunnel with Zscaler?

I believe the tunnel is built on the firewall, right?

I personally understand that it is probably not a problem with the switch itself; could you share a screenshot?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal

Another thing, I would consider checking if there is a CPU and memory spike, either on the Firewall or on the switch when the problem is occurring.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
AntoineBAK
Here to help

I think we are using .pac for zscaler connections

AntoineBAK
Here to help

Hello,

Thank you so much for your support.

The issue is solved.

The 9500 is Meraki monitored.

This has created device tracking on all the interfaces, including the interfaces towards the firewall.

The command looks like this:

interface port-channel
 device-tracking attach-policy MERAKI_POLICY

With "show device-tracking messages", we can observe packet drops on the port channel between the 9500 and the Fortinet.

[Screenshot: AntoineBAK_0-1742919013401.png]

The solution is to apply this on all the interfaces, especially on the ports towards the gateway:

 device-tracking attach-policy NOTRACK

[Screenshot: AntoineBAK_1-1742919187418.png]

We observe no more packet loss.

I'm not sure these tracking commands are useful for the monitoring of core switches.

 
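The thread shows only the attach command, not what the NOTRACK policy contains. Below is an added example (not the poster's own configuration) of how such a policy is typically defined on IOS-XE so that SISF device tracking is switched off on the infrastructure link towards the firewall; the policy body, the Port-channel number and the description are assumptions.

```ios
! Added example: a device-tracking policy that disables SISF tracking on the
! uplink towards the FortiGate. The policy contents are an assumption; the
! thread only shows "device-tracking attach-policy NOTRACK".
device-tracking policy NOTRACK
 ! Treat the link as infrastructure: no binding entries are learned or
 ! probed on this port, so no probe/drop behaviour on the L3 uplink.
 trusted-port
 device-role switch
 tracking disable
!
! Attach it to the port-channel facing the firewall
! (Port-channel1 is a placeholder for the real bundle).
interface Port-channel1
 description Uplink to FortiGate 600F (placeholder)
 device-tracking attach-policy NOTRACK
!
! Verify which policy is attached where, and that the drop messages stop:
! show device-tracking policies
! show device-tracking messages
```

Access ports towards end hosts keep the monitoring policy; only links to other L3 devices or switches get the no-tracking policy, so the binding table still reflects real clients.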

Mloraditch
Kind of a big deal

If you haven't involved Meraki support, I suggest you do at this point, just to make them aware. I doubt it's intended that their monitoring setup is supposed to do that.


Thanks for sharing the results!

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.