FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 212659



This article describes when a user reports that the network is having slowness, intermittence, or disconnection for certain applications or general connections.





Network Equipments.




There are several possibilities that lead to this issue.

Some issue may not on the fortigate level itself.


FortiGate Network Equipments
  • Policy Ipv4
  • Security profile(antivirus, web filter, application control, etc)
  • Routing
  • HA
  • Firmware upgrade
  • etc
  • Looping
  • IP conflict
  • Aggregation/LACP
  • Routing
  • Stacking
  • Spanning tree
  • etc


In some cases, the issue also happening after some changes on the network level.



  1. Adding new network equipment(Core switch, Distribution switch, etc).
  2. Stacking / LACP configuration on existing equipment.
  3. Changing physical interface. Uplink or from UTP to fiber.
  4. Gateway/routing changes.5) Upgrade firmware.


First, it is necessary to identify for any changes happening on any network equipment to focus on the specific equipments.




In any troubleshooting, the common way is to minimize any potential possibilities.

Here is some troubleshooting action can be done.


Troubleshoot Fortigate issue:


In this scenario, example will be IP PC).


Gateway : (fortigate IP)


Diagram as follow:

Internet <<>> Fortigate <<>> Core switch <<>> Switch <<>> AP <<>> PC


On FortiGate:

Create 1 new policy IPV4.


Destination: ALL
Security profiles: None
NAT : Enabled


This will eliminate issue related to security profiles. Antivirus, Web filter, application control, etc.
Without any changes to the network, test the application/service that having issue.

Then, apply 1 security profile at 1 time.


  • Only enabled Antivirus profile.
  • Only enabled Web filter profile.
  • Then apply combination of the profile.


Run the test until the application stop working. From the result, fine tune the respective policies accordingly.


Troubleshoot network issue:


  • Security profiles is not enabled on the policy IPv4 and everything is allowed. No traffic will be denied by the FortiGate.
  • This test scenario will troubleshoot on the network level. Physical access to the network units is required.


From the PC, keep pinging IP) and and run below test scenario.

For each scenario, test the problematic application/traffic accordingly.


  1. PC connect to FortiAP.


Internet <<>> Fortigate <<>> Core switch <<>> Switch <<>> AP <<>> PC

  • Policy IPV4 issue already eliminated.


  1. PC direct to Switch.


Internet <<>> FortiGate <<>> Core switch <<>> Switch <<>> PC

  • This will eliminate issue of AP.


  1. PC direct to Core switch.


Internet <<>> FortiGate <<>> Core switch <<>> PC

  • This will eliminate issue of the Switch.


  1. PC direct to FortiGate

Internet <<>> Fortigate <<>>  PC

  • This will eliminate issue of Core switch.


  1. PC direct to ISP.

Internet <<>>  PC xx.xx.xx.xx

  • This will eliminate issue of the Fortigate.


From this test, there is some finding and proceed with necessary troubleshooting.
Call Fortinet Support if requires help on the FortiGate level.


Related article:

Technical Tip: High availability intermittence issue

Troubleshooting Tip: LACP issue