FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to check or basic troubleshoot connectivity from internal/LAN to external.
Solution Below will the connectivity details of the server through FortiGate
Go to User servers -> FortiGate connected on Lan Interface -> Destination server connected on DMZ interface.
Below are the few steps to be verified on connectivity end.
1) Physical connectivity check of both source and destination on FortiGate.
- Verify this by checking MAC address and Pinging gateway. - Verify routing is added for both the SRC and destination in case they are not directly connected. - Command for routing is get router info routing-table details x.x.x.x
2)Verifying the policies correctly implemented as per requirement
This can be verified by checking the logs on FortiGate forward policy as given by below link.
3) Verify the configuration with debug logs which will give the accurate information of the traffic flow.
Below is the commands for debug flow.
# diag debug reset # diag debug flow filter addr x.x.x.x <----- x.x.x.x being the IP address on the DMZ. # diag debug flow filter proto 1 <----- Proto 1 is for icmp traffic filter on FortiGate. # diag debug flow trace start 10000 # diag debug en
Verify the log output or raise TAC ticket if it is still not possible to connect to server behind FortiGate.
