11-24-2025 01:32 PM - edited 11-24-2025 01:33 PM
Hi,
I am troubleshooting this. There is a port-channel with two physical ports configured on the Cisco core in LACP active mode, and the other side, which is a FortiGate, is also configured with LACP active. It was working fine, and recently the Cisco keeps reporting one port (suspended/waiting), complaining that LACP is not active on the other side (FortiGate).
Please assist
11-24-2025 01:36 PM
11-24-2025 04:54 PM
@Najib Akbari Hi, were there any changes to the setup? OS upgrades? Check again on the FortiGate side whether both related ports are in the port-channel configuration.
11-24-2025 11:18 PM
What device model and code are running on both sides? When we see (S), that shows some configuration mismatch.
Check the Forti side config also.
=====Preenayamo Vasudevam=====
11-24-2025 11:30 PM
- @Najib Akbari Check if anything was changed on the FortiGate and scrutinize those port settings (FortiGate) again. Also check the networking logs on the FortiGate, similar to what you are doing on the Cisco device.
M.
11-24-2025 11:55 PM
You’re most likely not getting LACP packets from the FortiGate. Check the FortiGate interface and make sure it is set to type aggregate with LACP, not static.
If it’s set to static, the Cisco side will bring the link up but put the port in suspended because no LACP is received.
Also check the cabling. I’ve seen this happen when a cable or patch-panel port was bad: the link looked up but LACP packets didn’t pass. Replacing the cable fixed it.
11-25-2025 09:57 AM
Hi All - Thanks for the support.
A few weeks ago we upgraded the FortiGate code to 7.4.9. Here is the FortiGate-side aggregate port config, which consists of physical port1,2:
edit "AGGRPORT12"
    set vdom "root"
    set vrf 0
    set fortilink disable
    set mode static
    set dhcp-relay-interface-select-method auto
    set dhcp-relay-service disable
    set ip 0.0.0.0 0.0.0.0
    unset allowaccess
    set fail-detect disable
    set pptp-client disable
    set arpforward enable
    set broadcast-forward disable
    set bfd global
    set l2forward disable
    set icmp-send-redirect enable
    set icmp-accept-redirect enable
    set reachable-time 30000
    set vlanforward disable
    set stpforward disable
    set ips-sniffer-mode disable
    set ident-accept disable
    set ipmac disable
    set status up
    set netbios-forward disable
    set wins-ip 0.0.0.0
    set type aggregate
    set netflow-sampler disable
    set sflow-sampler disable
    set src-check enable
    set sample-rate 2000
    set polling-interval 20
    set sample-direction both
    set explicit-web-proxy disable
    set explicit-ftp-proxy disable
    set proxy-captive-portal disable
    set tcp-mss 0
    set inbandwidth 0
    set outbandwidth 0
    set egress-shaping-profile ''
    set ingress-shaping-profile ''
    set spillover-threshold 0
    set ingress-spillover-threshold 0
    set weight 0
    set external disable
    set member "port2" "port3"
    set description ''
    set alias ''
    set security-mode none
    set ike-saml-server ''
    set device-identification enable
    set device-user-identification enable
    set lldp-reception vdom
    set lldp-transmission enable
    set estimated-upstream-bandwidth 0
    set estimated-downstream-bandwidth 0
    set measured-upstream-bandwidth 0
    set measured-downstream-bandwidth 0
    set bandwidth-measure-time 0
    set monitor-bandwidth disable
    set vrrp-virtual-mac disable
    set role lan
    set snmp-index 25
    set secondary-IP disable
    set preserve-session-route disable
    set auto-auth-extension-device disable
    set ap-discover enable
    set ip-managed-by-fortiipam inherit-global
    set switch-controller-mgmt-vlan 4094
    set switch-controller-igmp-snooping-proxy disable
    set switch-controller-igmp-snooping-fast-leave disable
    set swc-first-create 0
    set eap-supplicant disable
    config ipv6
        set ip6-mode static
        set nd-mode basic
        set ip6-address ::/0
        unset ip6-allowaccess
        set icmp6-send-redirect enable
        set ra-send-mtu enable
        set ip6-reachable-time 0
        set ip6-retrans-time 0
        set ip6-hop-limit 0
        set dhcp6-prefix-delegation disable
        set dhcp6-information-request disable
        set vrrp-virtual-mac6 disable
        set vrip6_link_local ::
        set ip6-send-adv disable
        set autoconf disable
        set dhcp6-relay-service disable
    end
    set priority 1
    set dhcp-relay-source-ip 0.0.0.0
    set dhcp-relay-circuit-id ''
    set dhcp-client-identifier ''
    set dhcp-renew-time 0
    set idle-timeout 0
    set disc-retry-timeout 1
    set padt-retry-timeout 1
    set dns-server-override enable
    set dns-server-protocol cleartext
    set wccp disable
    set drop-overlapped-fragment disable
    set drop-fragment disable
    set mtu-override disable
    set lacp-mode active
    set lacp-ha-secondary enable
    set system-id-type auto
    set lacp-speed slow
    set min-links 1
    set min-links-down operational
    set algorithm L4
    set link-up-delay 50
    set aggregate-type physical
next
11-25-2025 10:14 AM
- @Najib Akbari Remove : set mode static
M.
11-25-2025 12:02 PM
Are we sure about it? As far as I know, "set mode" is to choose whether to put the aggregate port on DHCP or static, and has nothing to do with LACP. Basically I need to keep it static.
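The distinction raised in this exchange, as an added example that is not part of the original thread: in the posted config, `set mode` and `set lacp-mode` are separate keys, and this Python sketch parses a FortiOS interface block and checks only the keys that affect LACP bundling. The sample block is constructed from the LACP-relevant lines of the config above, and the function names are hypothetical.

```python
import shlex

# Constructed sample: LACP-relevant lines taken from the config posted above.
SAMPLE = '''
edit "AGGRPORT12"
    set mode static
    set type aggregate
    set member "port2" "port3"
    config ipv6
        set ip6-mode static
    end
    set lacp-mode active
    set lacp-speed slow
    set min-links 1
next
'''

def parse_interface(text):
    """Return (name, settings) for one 'edit ... next' block, top level only."""
    name, settings, depth = None, {}, 0
    for raw in text.splitlines():
        tok = shlex.split(raw)          # handles "quoted" and '' values
        if not tok:
            continue
        if tok[0] == "edit" and depth == 0:
            name = tok[1]
        elif tok[0] == "config":
            depth += 1                  # nested table such as 'config ipv6'
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "set" and depth == 0:
            settings[tok[1]] = tok[2:]  # nested keys (ip6-mode) are skipped
    return name, settings

def lacp_findings(settings, peer_runs_lacp=True):
    """List settings that would keep an LACP peer from bundling the ports."""
    issues = []
    if settings.get("type") != ["aggregate"]:
        issues.append("interface is not type aggregate")
    # 'mode' (static/dhcp addressing) is deliberately not inspected here.
    # A missing lacp-mode key means the default applies; it is not judged.
    if peer_runs_lacp and settings.get("lacp-mode") == ["static"]:
        issues.append("lacp-mode is static: no LACPDUs will be sent")
    if len(settings.get("member", [])) < 2:
        issues.append("fewer than two member ports")
    return issues

name, cfg = parse_interface(SAMPLE)
print(name, "| addressing mode:", cfg["mode"][0], "| lacp-mode:", cfg["lacp-mode"][0])
print("findings:", lacp_findings(cfg) or "none")
```
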
11-25-2025 09:58 AM
Fortigate 7.4.9
C9300 Core: 17.12.05
11-25-2025 12:12 PM - edited 11-25-2025 12:16 PM
Here is the agg port diag. Port 3 is failing and, interestingly, it shows 0 LACP received while the Cisco core says LACP is not enabled. Also, we noticed the FortiGate started crashing/reloading, which makes me think that's the reason LACP is not working!? I don't know. We are talking to Fortinet for an RMA, but at the same time figuring out the root reason for the LACP failure would be a good experience:
Cisco-side LACP debug messages:
11-26-2025 12:03 AM
- @Najib Akbari Check out this example: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-setup-LACP-between-FortiGate-and-Cisco/ta-p/335667
M.
11-26-2025 12:48 PM
Moved port 43 on the Cisco core to another port and LACP is stable now!