mas1971
New Contributor III

Unable to configure DNS / ping policy for FG 50B OS 3.00 MR 7 Build 0726

Hi folks, we have used FG since 2003 and it works fine. After upgrading the FG OS to MR 7, all config was lost and now we have to reconfigure. It works. All internal PCs can reach the internet and so on. But automatic antivirus doesn't work. I see that with the CLI the exec ping doesn't work (server not reachable). What damn config is going wrong? Help needed. Thank you!
Best wishes out of Germany
mas1971
New Contributor III

Some more explanation: if I ping one server, I get this error.

    FGT50Bxxx # exec ping guard.fortinet.net
    PING guard.fortinet.net (82.71.226.65): 56 data bytes
    Timeout ...
    Timeout ...
    Timeout ...
    Timeout ...
    Timeout ...
    --- guard.fortinet.net ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss

and

    FGT50Bxxx # dia test update info
    Logs: idx=60
    Thu Aug 7 16:25:26 2008 upd_act.c[227] __upd_act_update-Failed connecting to 69.20.231.226:443
    Thu Aug 7 16:26:27 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:26:27 2008 upd_act.c[227] __upd_act_update-Failed connecting to 69.20.231.226:443
    Thu Aug 7 16:27:31 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:27:31 2008 upd_act.c[227] __upd_act_update-Failed connecting to 209.52.128.84:443
    Thu Aug 7 16:28:32 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:28:32 2008 upd_act.c[227] __upd_act_update-Failed connecting to 209.52.128.84:443
    Thu Aug 7 16:28:32 2008 upd_daemon.c[335] do_update-UPDATE failed
    Thu Aug 7 16:28:42 2008 upd_cfg.c[49] upd_cfg_get_host_by_name-Failed to gethostbyname for update.fortiguard.net
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:28:42 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:29:23 2008 upd_cfg.c[49] upd_cfg_get_host_by_name-Failed to gethostbyname for update.fortiguard.net
    Thu Aug 7 16:31:28 2008 upd_daemon.c[832] upd_daemon-Received setup request
    Thu Aug 7 16:31:28 2008 upd_daemon.c[206] do_setup-Starting SETUP
    Thu Aug 7 16:32:28 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:32:28 2008 upd_act.c[159] upd_act_setup-Failed connecting to 65.61.202.129:443
    Thu Aug 7 16:33:32 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:33:32 2008 upd_act.c[159] upd_act_setup-Failed connecting to 69.20.231.226:443
    Thu Aug 7 16:34:34 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:34:34 2008 upd_act.c[159] upd_act_setup-Failed connecting to 216.18.101.81:443
    Thu Aug 7 16:34:41 2008 upd_comm.c[238] tcp_connect_fds-Failed connecting after sock writable
    Thu Aug 7 16:34:41 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:34:41 2008 upd_act.c[159] upd_act_setup-Failed connecting to 64.69.90.228:443
    Thu Aug 7 16:34:41 2008 upd_daemon.c[223] do_setup-Failed setup
    Thu Aug 7 16:34:41 2008 upd_daemon.c[206] do_setup-Starting SETUP
    Thu Aug 7 16:34:44 2008 upd_comm.c[238] tcp_connect_fds-Failed connecting after sock writable
    Thu Aug 7 16:34:44 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:34:44 2008 upd_act.c[159] upd_act_setup-Failed connecting to 209.52.128.84:443
    Thu Aug 7 16:34:50 2008 upd_comm.c[238] tcp_connect_fds-Failed connecting after sock writable
    Thu Aug 7 16:34:50 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:34:50 2008 upd_act.c[159] upd_act_setup-Failed connecting to 216.18.101.82:443
    Thu Aug 7 16:34:57 2008 upd_comm.c[238] tcp_connect_fds-Failed connecting after sock writable
    Thu Aug 7 16:34:57 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:34:57 2008 upd_act.c[159] upd_act_setup-Failed connecting to 209.52.128.80:443
    Thu Aug 7 16:35:03 2008 upd_comm.c[238] tcp_connect_fds-Failed connecting after sock writable
    Thu Aug 7 16:35:03 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:35:03 2008 upd_act.c[159] upd_act_setup-Failed connecting to 64.69.90.228:443
    Thu Aug 7 16:35:03 2008 upd_daemon.c[223] do_setup-Failed setup
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:35:03 2008 upd_daemon.c[801] upd_daemon-Received ring request
    Thu Aug 7 16:36:51 2008 upd_daemon.c[206] do_setup-Starting SETUP
    Thu Aug 7 16:37:51 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:37:51 2008 upd_act.c[159] upd_act_setup-Failed connecting to 216.18.101.78:443
    Thu Aug 7 16:38:54 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:38:54 2008 upd_act.c[159] upd_act_setup-Failed connecting to 216.18.101.81:443
    Thu Aug 7 16:39:57 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:39:57 2008 upd_act.c[159] upd_act_setup-Failed connecting to 216.18.101.82:443
    Thu Aug 7 16:40:58 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
    Thu Aug 7 16:40:58 2008 upd_act.c[159] upd_act_setup-Failed connecting to 64.69.90.228:443
    Thu Aug 7 16:40:58 2008 upd_daemon.c[223] do_setup-Failed setup
    Object versions:
    03000000AVDB00201-00009.00391-0808052354
    03000000AVDB00310-00009.00391-0808052354
    03000000NIDS00020-00002.00529-0807311816
    00000000FCNI00000-00000.00000-0000000000
    00000000FDNI00000-00000.00000-0000000000
    00000000FSCI00000-00000.00000-0000000000
    03000000AVEN00200-00003.00003-0801091826
    03000000AVEN00100-00001.00000-0807161801
    03000000PRXY00500-00001.00011-0807161805
    03000000PRXY00300-00001.00011-0807161805
    03000000PRXY00400-00001.00011-0807161805
    03000000PRXY00100-00001.00011-0807161805
    03000000PRXY00200-00001.00011-0807161805
    03000000PRXY00800-00001.00011-0807161805
    03000000PRXY00600-00001.00011-0807161805
    03000000NIDS00300-00001.00096-0806051827
    03000000NIDS00100-00001.00000-0807161813
    03000000NIDS00200-00001.00000-0807161813
    Setup done once: no
    Next setup retry: Thu Aug 7 17:58:26 2008
    Next sched update: Thu Aug 7 17:56:00 2008
    Next update retry: none
    Next virus report: Thu Aug 7 17:51:43 2008
    Ring counters: pass=000000 fail=000001
    Setup counters: pass=000000 fail=000006
    Update counters: pass=000000 retry_fail=000002 final_fail=000001
    Virus report counters: pass=000000 fail=000000 empty_stats=000000
Best wishes out of Germany
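
Added example, not part of the original post and not Fortinet code: a small triage script for update-daemon log lines in the format shown above, separating name-resolution failures from failed TCP connects to update servers. The sample lines are constructed (documentation-range addresses), and the `triage`/`verdict` names and verdict wording are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same line format as the `dia test update info` log;
# the 192.0.2.x addresses are documentation-range placeholders, not from the post.
SAMPLE = """\
Thu Aug 7 16:25:26 2008 upd_act.c[227] __upd_act_update-Failed connecting to 192.0.2.10:443
Thu Aug 7 16:26:27 2008 upd_comm.c[512] upd_comm_connect_fds-Failed TCP connect
Thu Aug 7 16:26:27 2008 upd_act.c[227] __upd_act_update-Failed connecting to 192.0.2.10:443
Thu Aug 7 16:28:32 2008 upd_daemon.c[335] do_update-UPDATE failed
Thu Aug 7 16:28:42 2008 upd_cfg.c[49] upd_cfg_get_host_by_name-Failed to gethostbyname for update.fortiguard.net
Thu Aug 7 16:34:41 2008 upd_comm.c[238] tcp_connect_fds-Failed connecting after sock writable
Thu Aug 7 16:34:41 2008 upd_act.c[159] upd_act_setup-Failed connecting to 192.0.2.20:443
Thu Aug 7 16:34:41 2008 upd_daemon.c[223] do_setup-Failed setup
"""

# timestamp, source file[line], function name, then the message after the first '-'
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} (\S+)\[\d+\] (\S+?)-(.*)$")

def triage(log_text):
    """Count failures by kind: DNS lookups, per-server TCP connects, failed runs."""
    dns, targets = Counter(), Counter()
    fast_fail = failed_runs = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, counters and object-version lines
        msg = m.group(3)
        if (h := re.match(r"Failed to gethostbyname for (\S+)", msg)):
            dns[h.group(1)] += 1
        elif (t := re.match(r"Failed connecting to (\d+(?:\.\d+){3}):(\d+)", msg)):
            targets[(t.group(1), int(t.group(2)))] += 1
        elif msg == "Failed connecting after sock writable":
            fast_fail += 1
        elif msg in ("UPDATE failed", "Failed setup"):
            failed_runs += 1
    return {"dns": dict(dns), "targets": dict(targets),
            "fast_fail": fast_fail, "failed_runs": failed_runs}

def verdict(s):
    """Assumed wording: map the counters to a first thing to check."""
    if s["dns"] and s["targets"]:
        return "no outbound path from the unit itself: check routing and policy"
    if s["dns"]:
        return "name resolution only: check the unit's DNS servers"
    if s["targets"]:
        return "TCP connects to update servers fail: check the path on port 443"
    return "no failures found"
```
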
rwpatterson
Valued Contributor III

That's odd since the DNS is resolving, but the remote host is not responding. I would suggest you double check the routing, and the interface setup. Also, are you sure that this server is up? Try another server that you know for sure is working.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

mas1971
New Contributor III

Hi, thanks for helping. I don't know what goes wrong. The clients behind the router can ping and do DNS lookups for servers on the internet. I put my own DNS server as the primary DNS server in System / Network / Options, because otherwise the router can't do DNS lookups. Yes, my own DNS server is behind the FG 50B, and it gets the information through the FG. Routing to clients works perfectly (surfing the internet, email, and so on). Only the CLI and the router itself can't connect to the internet. The result is that FDN is unreachable and the AntiVirus update doesn't work. (And the automatic Dynamic DNS update when connecting over PPPoE doesn't work.)

If I ping (using the CLI) the external IP (on the WAN1 port), I can reach it. But I can't reach the first gateway outside my own intranet. So I think there is a mistake in the routing or in the policy.

Router / Static / Static Route is:
    IP/mask 0.0.0.0/0.0.0.0
    Gateway (IP of my FG router)
    Device external port (wan1)

Router / Monitor / Routing Monitor shows:
    static: Network 0.0.0.0 Gateway / external gateway IP of my ISP / interface PPP0
    connected: Network (external ISP gateway) Gateway / 0.0.0.0 / interface PPP0
    connected: Network (external own IP) Gateway / 0.0.0.0 / interface PPP0
    connected: Network (intranet/24) Gateway / 0.0.0.0 / interface internal

So any other idea? Thank you!
Best wishes out of Germany
mas1971
New Contributor III

OK. I found it out on my own. One policy is needed (internal to external):
    source: all (I think the external IP address only will be enough)
    destination: all
    service: DNS, ping
So the FG router and the CLI are able to reach the internet.
Best wishes out of Germany
mas1971
New Contributor III

NO, THAT WAS NOT RIGHT! But it depends on a firewall policy. I unchecked my VPN encrypted policy. If I enable it, the problem starts again. There must be a configuration error in the VPN configuration... I am working on it. All weekend... My real problem is, I don't have any backup of the configuration. The last one is from 2004... and depends on an FG50 without "b" :-(((( Shame on me. But there was no need to configure the FG for about one year. "Never touch a running system" :)
Best wishes out of Germany
rwpatterson
Valued Contributor III

Change the gateway to the ISP's router. That's the gateway.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
