Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

FG-100A problems with updates, ping & browsing

We have recently purchased a FG-100A with 1 yr services bundle. I have upgraded the firmware to version 3.00,build0247,060417. I have been observing very weird behavior on the FG-100A. 1) After each restart of the firewall the updates are gone & Web Filtering, antispam shows Not Licensed. also all AV, IPS update lights are flashing red. 2) on the fortiguard center page the test availability button always shows DNS error. No matter if the DNS server is readily available on ping. 3) If we ping the firewall wan1 address from outside, we get a request timeout even though the gateway never times out. 4) More strange is if we keep a continuous ping on wan1 whenever we hit the status link on the web manager gui we get pings briefly, then it again goes back to timeout. 5) Even after putting the override ip address the updates do not take place. 6) The surfing through the firewall is at a standstill. 7) On the web manager gui only the status link comes up very fast. all other pages time out. Please help urgently as the entire campus internet access is down & this is the admission season.
28 REPLIES 28
RickP
New Contributor

After each restart of the firewall the updates are gone & Web Filtering, antispam shows Not Licensed. also all AV, IPS update lights are flashing red.
I see similar behaviour. While my updates are certainly not gone, the services show not licensed and the update lights are flashing red. This is because the box has not yet tried to communicate with the FortiGuard Service so it doesn' t know if it can yet. The ' not licensed' issue is because the licensing information is held on the server, not the FortiGate. It has to contact the server to find out whether it' s licensed or not. After a minute and a screen refresh, it' ll be just fine.
UkWizard
New Contributor

If youre pinging the firewalls external address, and it isnt responding, it might be that the ' ping' option is unticked on the interface settings (this is recommended in most cases). Have you done the following tests from internally outbound ? pinging the firewall internal ip pinging an external ip (i use 194.42.224.130 as a test) perform an DNS lookup on your internal DNS server and to an external DNS server (ip address is one you can use) traceroute to an external address. These should be your first tests, to see if the link is up and whether DNS etc is working.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

The updates Lights kept flashing for 2 entire days. The ISP network was certainly up & running fine. We checked. We have ticked the Ping option on all interfaces. Inspite of that we could not ping from outside to the firewall wan1 interface. Ping from inside to out was working fine all along. funny thing was whenever we clicked on the status link on the web manager gui we got a few replies to ping from outside. Now why is that? Now overnight the problem has vanished. All updates are showing green. We did not do anything to solve it. It went away on its own. I am scared because of the uncertain nature of the problem resolution. It leaves us vernurable to similar incidences in future.
UkWizard
New Contributor

Are you sure its not just just your browser caching the page. Seen that before, where you just do a page refresh and it changes. You should also check the DNS settings for your fortinet (which it uses to resolve the update servers addresses). If it happens again, try an update from the command line, and see if it connects or not. Might be worth raising a support call to fortinet, in case they have issues with the update server in your part of the world.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

we could not ping from outside to the firewall wan1 interface. Ping from inside to out was working fine all along. funny thing was whenever we clicked on the status link on the web manager gui we got a few replies to ping from outside. Now why is that?
Pings are not browser cache related. If the thing happens again will certainly try from the comand line.
UkWizard
New Contributor

I am talking about the dashboard flashing lights, which you see via a browser ..... it could be connected and your browser just thinks it isn' t. Like i mentioned earlier, you will not be able to ping the wan1 from outside if the ping option isnt ticked on the external interface settings.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

Form my earlier post..
We have ticked the Ping option on all interfaces. Inspite of that we could not ping from outside to the firewall wan1 interface.
Also as the status page is set to auto refresh every 30 seconds there is no doubt about it. (I had the same doubt & I made sure by pressiung refresh several times.)
UkWizard
New Contributor

you have other issues if you cannot ping the outside interface !! Is it a cluster ? Are the firewalls behind another firewall or router ? Presume the external interface has ' public' ip addresses on it ?
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

Is it a cluster ?
No.
Are the firewalls behind another firewall or router ?
No firewall but a router. No issues with router bvlocking the ping or anything else becouse if we remove the link from FG-100A & put it direct to a pc we can ping & browse very well.
Presume the external interface has ' public' ip addresses on it ?
Yes of course. Also the problem vanished overnight on its own. We have long power cuts every day. So we shut down the unit from the web gui prior to our ups running out & restart it after power comes back. These problems happen every time after restart. All the updates show red, no pings ( or pings only when we hit the status link in web manager), updates take hours to happen or do not happen at all, web surfing through the firewall comes to a crawl. If we put the ISP link in a pc directly we can verify that the link is up & running properly. So it must be an issue with the FG-100A unit itself.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors