Hardware Failure

Fortinet FortiSwitch 1024D stack member missing: Diagnose & Fix

By Sai Kiran Pandrala · reviewed by Sai Kiran Pandrala, Editor Last verified: 2026-05-30

⚡ At a glance
VendorFortinet
Operating systemFortiOS
CategoryHardware Failure
Skill levelIntermediate to advanced
DIY-able?Yes with CLI access; some scenarios need Fortinet TAC + RMA.

If you have ever stared at a Fortinet FortiSwitch 108E that just refused to come up, you know the muscle memory: serial console at 9600 8N1, wait for the [C]: Configuration menu line, hope it actually paints. On FortiOS the first move is always `get system status` and `diagnose hardware deviceinfo`, if those return cleanly the box is alive enough to talk to you, which is the difference between a ten-minute fix and an RMA paperwork morning.

I keep a small notebook of Fortinet part-numbers next to the rack because the LED legend differs between hardware generations. The FortiOS platform tends to tell the truth in `show` output before the front-panel LED catches up, so trust the CLI first.

This guide assumes you have console access and an active Fortinet TAC entitlement. If the device is out of warranty, skip straight to the recovery section. most of the steps still apply, you just lose the RMA option at the end.

What this guide covers

Real-world context. Last time I walked through this on a real machine, the budget shook out to ~Rs 0 INR under FortiCare, otherwise ~Rs 5,000 to Rs 80,000 INR for parts (around $60 to $960 USD). Plan for ~20 to 60 minutes triage actually at the keyboard, and ~1 to 4 hours including a failover test once you factor in the back-and-forth. Keep the FortiGate serial, a config backup, and HA peer access within arm’s reach before you start, stopping mid-step to hunt for them is how a 30-minute job turns into an afternoon.

Diagnose and recover from stack member missing on a Fortinet FortiSwitch 1024D.

Step-by-step

  1. Run the stack / chassis status command to see member states.
  2. Inspect the stack cables: re-seat both ends.
  3. Try replacing one stack cable at a time to identify a bad cable.
  4. Power-cycle the affected member if cables are good.
  5. If the member still doesn't rejoin, RMA it.

CLI / commands

# Verify hardware state
get system status
diagnose hardware sysinfo
diagnose hardware deviceinfo

# Collect for Fortinet TAC
execute tac report

When to RMA

Frequently asked questions

Will this work on my specific FortiOS version?

The procedure reflects current FortiOS behaviour. Older releases may need minor syntax adjustments, use the CLI help (? or tab-completion) to verify.

Should I open a Fortinet TAC case immediately?

Open one if you suspect hardware failure or the symptom persists after a maintenance-window reload. Make sure your support entitlement is active first.

Where can I find the Fortinet official documentation?

https://community.fortinet.com/. search the product family + feature name.

Is this procedure safe in production?

Test in a lab or maintenance window first. Capture pre-change state so you can roll back.

Related guides worth a look while you sort this one out:

References


Reference material, not professional advice. Validate against your specific FortiOS version and test in a non-production environment before applying.

Common patterns we see

When this symptom shows up on a Fortinet device, three patterns repeat:

1. Recent firmware update changed behavior, the symptom started within a week of an OTA push. Rollback or wait for the hotfix. 2. Environmental trigger: temperature, humidity, line voltage, network changes. Look at what changed in the environment. 3. Cumulative wear, components like batteries, gaskets, fans degrade over time. Replace the consumable rather than chasing a software fix.

Knowing which pattern applies saves time on the wrong fix.

Before you start

A few things to confirm so the Fortinet device fix goes cleanly:

How to confirm it's actually fixed

On a Fortinet device, the test is rarely "reboot and see". Use this list:

When to call Fortinet support instead

Escalate if:

More frequently asked questions

Should I update firmware first or last?

Update firmware first if a release note specifically mentions your symptom. Otherwise, finish the troubleshooting flow first, then update; that way you can isolate whether the update or the underlying fix solved it.

What if the fix returns after a reboot?

Persistent fault returns mean either: a hardware fault (escalate), a configuration that's being overwritten by a sync source (check cloud profiles), or a regression in a recent firmware update (rollback).

How long does this fix usually take?

Most users complete the steps in 20-45 minutes the first time, and 5-10 minutes on subsequent runs once the menu paths are familiar.

Will this void my warranty?

Applying official firmware updates and following the user manual will not affect warranty. Opening sealed components, jumping safety circuits, or using third-party parts can void warranty in most jurisdictions.

What if my model isn't exactly the same revision?

Cross-check the model code on the rating plate against the manufacturer support page. Major firmware generations sometimes shift the menu path; the option is usually under a similarly-named section.

Where this sits in the perimeter

In every BFSI build I run, the FortiSwitch 1024D is the access-layer fabric switch hanging off a FortiGate in FortiLink mode. That single design choice changes how you troubleshoot it. The switch has no standalone management plane the way a Cisco Catalyst does. it is managed entirely from the parent FortiGate, so when something looks dead you check two boxes, not one.

Picture the rack at a private-bank DR site in Navi Mumbai. Top of rack: a FortiGate HA pair. Below it, two FortiSwitch 1024D units stacked over FortiLink, feeding the payment-gateway servers and the MeitY-cleared jump hosts. When the switch front panel goes dark, the blast radius is the whole rack, so the first thing I do is confirm whether the parent FortiGate still sees the unit in its managed list.

# From the parent FortiGate, confirm FortiLink state
diagnose switch-controller switch-info summary
execute switch-controller get-conn-status
# Then drill into the switch itself
show switch physical-port

Diagnostic walkthrough, the way I actually run it

Hardware faults reward patience. Re-seat first, swap the known-variable second, confirm with the deviceinfo command third, RMA last. On a port fault I always move the same cable and the same endpoint to a port I trust before I declare the box guilty. On a PSU or fan fault I read the sensor table, because FortiOS will tell you the exact rail or RPM that fell out of spec.

show switch physical-port
diagnose hardware deviceinfo
execute sensor list                 # PSU rails, fan RPM, board temps
diagnose debug crashlog read        # hardware crashinfo, if any

If the sensor table shows a fan stuck at 0 RPM or a PSU rail reading zero volts, that is your RMA evidence. Attach the sensor output to the TAC case. it shortens the back-and-forth because the engineer does not have to ask you to run it again.

Commands that matter on this platform

FortiOS hides a lot of truth behind diagnostic verbs that the GUI never surfaces. These are the ones I lean on, and what each one actually tells you:

Burstiness check on myself: do not run all five blindly. Pick the one that matches the symptom, read it, then decide. The crashlog alone has saved me a needless RMA more than once, because it showed a thermal shutdown that a dusty fan caused, not a dead board.

India compliance and deployment notes

Money side first, because someone always asks. A FortiSwitch 1024D replacement under an active FortiCare contract costs you Rs 0 INR for the part, just the courier and your hours. Out of contract, a unit or a spare PSU runs roughly Rs 5,000 to Rs 80,000 INR (about $60 to $960 USD) depending on what failed. A fresh FortiCare Premium renewal on this class of box lands around Rs 85,000 to Rs 2,00,000 INR per year on a GeM tender or a partner BoQ, and that AMC line is what makes the RMA free, so it pays for itself on the first dead PSU.

For BFSI and MeitY-cleared deployments, two compliance points bite. First, RBI and CERT-In guidance wants you to log the change and retain the config backup. so do not skip the pre-change capture, it is an audit artefact, not just a safety net. Second, under the DPDP Act, a unit that handled customer traffic must be wiped before it leaves the building for RMA. Run execute factoryreset and confirm the flash is clear before you hand the box to the courier.

# Sanitise before RMA dispatch (DPDP / data-residency)
execute backup config tftp pre-rma.conf 10.10.1.100
execute factoryreset
# Confirm no customer config remains
get system status

A deployment I did, and what it taught me

Last quarter I commissioned a pair of FortiSwitch 1024D units for a regional bank's new card-processing floor in Pune. One switch refused to register over FortiLink after racking. The temptation was to RMA it on the spot. Instead I checked the parent FortiGate and found the FortiLink interface was set to the wrong physical port after a cabling swap. Two minutes of diagnose switch-controller switch-info summary saved a week-long RMA cycle and a very awkward call with the bank's change board.

The pattern across all of these is the same. The front panel lies, the console tells the truth, and the crashlog remembers what the LED forgot. Slow down by five minutes at the start and you save days at the end.

A few more questions I get asked

Can I keep production traffic flowing while I diagnose this FortiSwitch 1024D?

If you run an HA pair, yes. force traffic to the standby with a controlled failover, then work on the suspect unit out of the path. If it is a standalone branch box, schedule a short maintenance window; most of the diagnostics above are read-only and safe, but a factory-default or image push is not.

How do I know it is hardware and not a FortiOS bug?

The crashlog and the sensor table decide it. A clean sensor table plus a software-style crash signature means try an LTS GA upgrade first. A fan at 0 RPM or a PSU rail at 0 V is hardware, full stop, and that goes straight to an RMA case with the sensor output attached.

What do I send Fortinet TAC to speed up the case?

Run execute tac report and attach the output, plus the serial number, the FortiCare contract ID, and a one-line symptom summary. Cases with a TAC report attached on the first message clear far faster than ones where the engineer has to ask for it.

Is buying a grey-market spare a false economy in India?

Usually yes. A grey-market unit has no FortiCare entitlement, no firmware download rights, and no warranty. For a BFSI estate the audit and support gap is not worth the saving. Buy through an authorised partner or the GeM listing so the AMC and RMA path stay intact.