Can you share any article FEC settings..

Also, FYI.. other 2 ports connected to Catalyst sw is also 25G which is UP. The ones which are on Nexus are down.

@shaikh.zaid22 

Cisco c9200 and nexus 9300 switches support different FEC behaviors...especialy on 25G interfaces, and this can absolutely affect link negotiation with devices like firewalls.

Check datasheets...

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-switches/datasheet-c78-742284.html

You mean on show logging on nexus?

Since it is multimode fiber connection having both devices in the same rack, i can see SFP lights and fiber lights coming-in in. 

     @shaikh.zaid22                >....You mean on show logging on nexus?
                                Yes, try  to use similar commands on the firewall too when connection attempts are made,
                                                          (checking statuses of links and investigating logs)

  M.

@Rich R 

Thanks for the response and useful articles. Going by the article and verifying my configurations below are the comments:

Firstly, i can see in my cisco nexus port48 configuration i can see "fec off" is applied, unfortunately i dont understand what it means, since it was configured by the build team.

Secondly, based on the second cisco article i can see it is mentioned under 25G Auto negotiation on copper based 25g interface which is what exactly in my case as well requires to configure negotiation of 25000 auto negotiate in the interface config. SO this i will try and see how it goes.

Finally, the fortigate article reers to manuall configure speed 25000 on both fortigate and nexus to work properly.

I will try and update you all.

If any other recommendations please feel free to write.   

  - @shaikh.zaid22 "FEC off" on a fiber port connection means that Forward Error Correction (FEC) is disabled. FEC is a technique used in optical networking to detect and correct errors in data transmission without requiring retransmission , it's advisable or probably required that the connections (ports) at both ends use the same FEC setting

                             As far as auto negotiation is concerned , for fiber it is advised to set the speed fixed for the port according to the capabilities of the SFP (of course port at both ends must support the same speed)

  M.

@marce1000 Thanks for the response, i will try it on Monday and update

@marce1000 thanks marce..

btw, i was also thinking why did the other 25G ports on fortigate connected to a cisco catalyst sw does not have this affect. It seems this is only specific to FEC feature on nexus. if i consider this analogy then, the issue i  not on FGT side.

 - @shaikh.zaid22   That may be but sync the fec settings on fortigate and nexus anyway , before making the
                               connection,

  M.

Hello @shaikh.zaid22 

This is a known interoperability issue with Nexus 9300 and 25G links, especially when using DAC cables or certain optics. Nexus switches require a matching FEC configuration on 25G interfaces. Some platform (like Fortigate or Catalyst) may autonegotiate or tolerate no-FEC, while nexus might expect RS-FEC or FC-FEC explicitly set...like the source I provided to you explain...