fl0at0xff
New Member
October 21, 2016
Question

Deny IP Connection error - FortiOS 5.4.1 on some model

  • October 21, 2016
  • 1 reply
  • 37459 views

Hello. I have the same problem (or a similar one) with FortiGate 60D / E 5.4.1 and with FortiWifi 60E. I just have LAN and WAN connected, and one policy to allow all traffic from LAN to WAN with Log All Session enabled. My devices connected to the LAN interfaces are able to surf the internet (policy and default route created). This policy rule logs all sessions. In the log settings, I log all that I want to memory and I display the log from memory. But when I want to see the log, I just see Deny: IP Connection Error. I can't see allowed traffic and other potential denies. This is very strange because these log entries match my unique policy "LAN to WAN".

    1 reply

    sebag
    New Member
    October 21, 2016

    I have the same problem with FG200D and FG60D using 5.4.1. It's blocking Google-Web and this device (Android phone) can't download an app from Google Play. If I connect it to a 4G network, it downloads OK.

    tanr
    New Member
    October 21, 2016

    @fl0at0xff,

    The deny you had selected in the image was showing TCP 8013. That's normally v5.4.1 FortiClient registration, which should only be going to the FortiGate (or EMS server).

    Is it only wifi clients running FortiClient that are getting denied?

    Is the SSID set up as a tunnel instead of a bridge?

    If so, have you enabled FortiTelemetry for the SSID interface?

    If not, that could be your problem.

    If you do have FortiTelemetry enabled for the wifi tunnel, have you set up a separate wifi-tunnel to wan rule?

    I'm going off my configuration of a FortiGate with FortiAP so it may or may not match your experience.

    fl0at0xff
    Author
    New Member
    October 22, 2016

    Hello @tanr and thank you for your answer.

    My problem is present with devices connected via wifi and directly with the cable. I don't think that the problem is related to wireless. I have exactly the same problem with a FortiGate 60D.

    For information, Any of my client uses FortiClient in this installation. It's really an out-of-the-box problem. As I said before, I just have the simple configuration shown in my initial post.

    By the way, I don't have a lot of experience using FortiWifi. I checked tunnel mode for my wifi. Is it a good idea or not? I just use the two antennas of the FortiWifi, not an external AP. What is FortiTelemetry?

    Thanks.