To troubleshoot the issue of a client not connecting to the internet, follow these steps:

1. Make sure the FortiGate is properly configured, and all cables are securely connected.
   
   
2. Check the routing and policies configured on the FortiGate to ensure they are correct and allow internet traffic.
   
   
3. Use a sniffer to check for ARP requests to the DNS servers and verify if there are any responses.

To collect sniffer output from FortiGate, run the following command in the CLI:

diagnose sniffer packet any 'x.x.x.x' 6 0 a   <----- To check traffic to the DNS server from any interface where x.x.x.x is the DNS server.

Press Ctrl-C to stop the sniffer.

To collect sniffer output from FortiGate GUI, go to Network -> Diagnostics -> New packet capture -> Enable filter and fill in the information -> Start capture:

4. If an internal DNS server is used and it is not responding (no reply to ARP request), check the subnet configuration on the FortiGate. Ensure the DNS server is included in the subnet of the LAN interface. If the DNS server is behind a different interface, change it to an interface that is included in the subnet of the LAN interface.
   
   
5. After making the changes, verify that DNS and internet traffic are working correctly for the clients behind the FortiGate.