FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the steps to troubleshoot and resolve the issue of a client not connecting to the internet through FortiGate. The article provides a detailed solution to help users identify and fix the root cause of the problem.
Scope
FortiGate.
Solution
To troubleshoot the issue of a clients not connecting to the internet, follow these steps:
Make sure the FortiGate is properly configured and all cables are securely connected.
Check the routing and policies configured on the FortiGate to ensure they are correct and allow internet traffic.
Use a sniffer to check for ARP requests to the DNS servers and verify if there are any responses.
To collect sniffer output from FortiGate, run the following command in the CLI:
diagnose sniffer packet any 'x.x.x.x' 6 0 a <----- To check traffic to DNS server from anyinterface where x.x.x.x is the DNS server.
Press Ctrl-C to stop the sniffer.
If an internal DNS server is used and it is not responding (no reply to ARP request), check the subnet configuration on the FortiGate. Ensure the DNS server is included in the subnet of the LAN interface. If the DNS server is behind a different interface, change it to an interface that is included in the subnet of the LAN interface.
After making the changes, verify that DNS and internet traffic are working correctly for the clients behind the FortiGate.
