Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Muhammad_Haiqal
Staff
Staff

Created on ‎07-11-2024 10:51 PM

Article Id 325547

Troubleshooting Tip: Basic PC connectivity and Traffic Issues

Description This article provides ideas for troubleshooting PC connectivity and traffic issues. These troubleshooting steps may apply to new deployments, migrations, design changes, the introduction of new VLANs, or related scenarios.
Scope FortiGate.
Solution

Example scenario.

Testing PC having below configuration:

  • IP: 192.168.1.200.
  • Subnet: 255.255.255.0.
  • Gateway: 192.168.1.254 (FortiGate).

 

Ping connectivity test.

Gateway connectivity:

Open the command line on the PC and run a ping test to 192.168.1.254:

 

Ping gateway.png

 

Result 1: If the ping is working, the connectivity to Fortigate is good.

Result 2: If ping is not working, the traffic is blocked before reaching the FortiGate or ping is not enabled on Fortigate.

Solution: Directly connect the PC to the FortiGate interface. Enable ping on the FortiGate interface. Verify switch configuration.

  

Internet connectivity:

Open command line on the PC and run a ping test to 8.8.8.8.

 

ping 8.8.8.8.png

 

Result 1: If the ping is working, the connectivity to the internet is good.

Result 2: If ping is not working, Internet on the FortiGate itself is not working.
Solution: Verify the WAN configuration on the FortiGate. The IP address, Default route, SD-WAN, etc.

 

DNS test:

Open the command line on PC and run a ping test to www.google.com.

 
 

ping google.png

 

Result 1: If the ping is working, the connectivity to the internet and DNS resolution are good.

Result 2: If the ping is not working, the DNS server is not reachable.
Solution: Change the PC DNS to 8.8.8.8 only. Make sure FortiGate allows traffic to 8.8.8.8 and the respective DNS server.

 

Remove the VPN or Proxy Server:

Most company PCs are managed by centralized endpoint control. Due to the implemented policy, the traffic may be inspected by the endpoint and subsequently blocked.

Solution: Temporarily disable the endpoint control. Disconnect the VPN or proxy configuration at the browser or application level.

 

Avoid multiple adapter connections:

Having multiple network connections on LAN and Wi-Fi at the same time can introduce routing conflicts at the PC level.

Solution: Disable the adapter that is not involved in the troubleshooting activity.

 

Firewall policy:

On FortiGate, create a new firewall policy that is widely open for troubleshooting purposes as follows:

  • Source: All.
  • Destination: All.
  • Security profile: <No security profile>.
  • Action: Accept.

 

Result 1: If the traffic works after hitting this newly created rule, it means the existing policy has not been configured properly.

Result 2: If the issue persists after applying a specific security profile, such as a web filter, it means the problem is with the web filter profile. Troubleshoot the web filter profile accordingly.

 

If the issue still cannot be solved with these basic troubleshooting steps, contact the Fortinet Support Hotline for further assistance.

 

Related article:

Troubleshooting Tip: Routing Issue
297
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.