Strange issue with Fortigate

Forum|Forum|9 years ago
April 10, 2017
2 replies
6417 views

Hi All,

I am having a strange issue with one of our Fortigate HA pair. I have a multi vdom setup and all vdoms are working fine except one.

One of the boxes restarted yesterday. The failover occurred but now for one of the VDOM, the routing is not working. I have a default route configured. I can ping the GW but can not ping from the GW. I have checked that ping is allowed.

When I try to send traffic out to the internet, the traffic is not even getting to the GW. I have tried restarting the box as well as the routing engine. This was a working setup and no changes have been made at all except for the failover yesterday.

Can anyone help?

Thanks

FortiGate

Sanjay1

New Member

Hi,

First of all kindly make sure that traffic is hitting the firewall's interface or not using the debug command on CLI. If there's traffic on the incoming interface, the output of debug commands will give you all details like the policy id dropping/accepting traffic, next hop, if the routing is done right or not, etc. And if the output is blank ( no traffic hitting the interface) there must be some issue in the routing of the internal network. Kindly check routes on L3 switch/router and make sure the traffic is routed towards the firewall's interface.

Hope it's helpful, thanks.

MikePruett

New Member

make sure you don't have an IP Pool that includes your GW's IP. That burned a client of mine when they upgraded and I caught it for them after they already went down.