FortiGate
nnair
Staff
Article Id 250026
Description

 

This article describes the case when WAN IP is displaying as 'unknown' in the Dashboard.

 

Scope

 

FortiGate.

 

Solution

 

This issue can be fixed in several ways. Before applying a fix, run the verification steps below:

 

1) First, check that a default route is present:

 

# get router info routing-table all

 

2) Run the commands below to get the IP from FortiGuard:


# diagnose sys waninfo
# diagnose sys waninfo ipify



If it fails to get the IP, an error like the one below is shown. If so, follow the next step:

 

Try to get 'my public IP' through: https://api.ipify.org with src_ip=0.0.0.0 vfid=0(root) ... Failed to get my public IP, ret=-1 src_ip=0.0.0.0 vfid=0(root).


Command fail. Return code 5

 

3) Verify internet reachability. To do so, execute the commands below:

 

# exec ping-options reset

# exec ping 8.8.8.8

 

If the ping fails, check the routing table with the command:

 

# get router info routing-table details 8.8.8.8

 

If multiple routes for internet connectivity are seen, as below:

 

# get router info routing-table details 8.8.8.8

Routing table for VRF=0
Routing entry for 0.0.0.0/0
Known via "static", distance 10, metric 0, best
* 10.x.x.x, via port1
* 10.x.x.x, via port2

 

Then test the reachability by specifying the interface/source as below:

 

# exec ping-options reset

# exec ping-options interface port1

# exec ping 8.8.8.8

 

If it is successful, make the changes below to the DNS settings:

 

# config sys dns

    set interface-select-method specify

    set interface port1

end

 

If not, change the interface to port2 and check. If it works, make the changes on the DNS interface select method:

 

# exec ping-options reset

# exec ping-options interface port2

# exec ping 8.8.8.8

 

# config sys dns

    set interface-select-method specify

    set interface port2

end

 

Also, to reach the FortiGuard servers, it is necessary to use the same port:

 

# config sys fortiguard

    set interface-select-method specify

    set interface port1

end
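
The decision made in step 3, written out as an added example (not Fortinet code and not part of the original article): it parses the 'get router info routing-table details' output format shown above, finds the interfaces carrying the default route, and builds the DNS and FortiGuard settings for the first interface whose sourced ping succeeded. The function names, the ping_ok input and the sample next-hop addresses are assumptions made for illustration.

```python
import re

# Constructed sample in the article's output format; next-hop IPs are made up.
SAMPLE_ROUTE_OUTPUT = """\
Routing table for VRF=0
Routing entry for 0.0.0.0/0
Known via "static", distance 10, metric 0, best
* 10.0.1.1, via port1
* 10.0.2.1, via port2
"""

NEXTHOP_RE = re.compile(r"^\*\s*\S+\s+via\s+([^\s,]+)")


def default_route_interfaces(route_output):
    """Return the egress interfaces listed as next hops for 0.0.0.0/0."""
    interfaces, in_default = [], False
    for line in route_output.splitlines():
        line = line.strip()
        if line.startswith("Routing entry for"):
            in_default = line.split()[-1] == "0.0.0.0/0"
        elif in_default:
            m = NEXTHOP_RE.match(line)
            if m and m.group(1) not in interfaces:
                interfaces.append(m.group(1))
    return interfaces


def pin_commands(route_output, ping_ok):
    """ping_ok: interface -> bool, the operator's recorded result of
    'exec ping 8.8.8.8' with 'exec ping-options interface <name>' set."""
    candidates = default_route_interfaces(route_output)
    if len(candidates) < 2:
        return []  # one egress path only: interface selection is not the cause
    working = [i for i in candidates if ping_ok.get(i)]
    if not working:
        raise ValueError("no default-route interface reached 8.8.8.8")
    lines = []
    for section in ("dns", "fortiguard"):
        lines += [f"config sys {section}",
                  "    set interface-select-method specify",
                  f"    set interface {working[0]}",
                  "end"]
    return lines


if __name__ == "__main__":
    print("\n".join(pin_commands(SAMPLE_ROUTE_OUTPUT, {"port1": False, "port2": True})))
```

Review the generated lines before pasting them into the CLI; an empty result means only one default-route interface was found, so interface selection is not what is blocking the WAN IP lookup.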