Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- FG-100A problems with updates, ping & browsing
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 06-19-2006 04:38 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FG-100A problems with updates, ping & browsing
We have recently purchased a FG-100A with 1 yr services bundle.
I have upgraded the firmware to version 3.00,build0247,060417.
I have been observing very weird behavior on the FG-100A.
1) After each restart of the firewall the updates are gone & Web Filtering, antispam shows Not Licensed. also all AV, IPS update lights are flashing red.
2) on the fortiguard center page the test availability button always shows DNS error. No matter if the DNS server is readily available on ping.
3) If we ping the firewall wan1 address from outside, we get a request timeout even though the gateway never times out.
4) More strange is if we keep a continuous ping on wan1 whenever we hit the status link on the web manager gui we get pings briefly, then it again goes back to timeout.
5) Even after putting the override ip address the updates do not take place.
6) The surfing through the firewall is at a standstill.
7) On the web manager gui only the status link comes up very fast. all other pages time out.
Please help urgently as the entire campus internet access is down & this is the admission season.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
28 REPLIES 28
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could be a speed negotiation issue with the FGT->Router Link ? Could try hard setting one speed (via the command line). replace the cable between the router and the fortinet as well.
This is very bizarre behaviour. When you plug the pc in place of the firewall, do you use the firewalls IP address ? or another from your range ?
Also check your external interfaces subnet mask is correct, as per the ISP supplied details. A mismatch can cause all sorts of strange behaviour.
Last resort if all this fails to help, you could switch to another physical port on the firewall. In other words start using WAN2 port instead of WAN1. This will need resetting up of all the rules though.
To eliminate a physical port problem, that could be damaged from a possible power spike due to the power losses.
Is the router also on the UPS as well ? if still stuck, are you sure it isnt the Router thats behaving strangely ?
have you also connected a pc via crossover to the external port, using another external ip address and see if the ping to the firewall works ?
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Not applicable
Created on 06-21-2006 03:09 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No it cant be the router becouse we have used the exact same settings as on the firewall wan1 port on the test PC & it works every time. So no doubt about it.
It can not be a wan1 port problem because we have 2 ISP links ( two separate isp links from two separate companies) & we observe exactly same behaviour on the second ISP link too which is connected to the wan2 port of the FG-100A. And we have tested that link too on a separate PC with exactly same settings as on wan2 port.
It can not be cables or anything like that cause we use the same set when we test on the PC' s.
Thanks for your replies & patience. Much appreciated. I am baffeled here. I have setup many many firewalls but this is the first from fortinet.
Fortinet suport just advised me to change the DNS address but we had already tried that & we have also verified that the DNS server addresses we put in FG-100A are working ok.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aha, i didnt know you had two isp links, that opens a whole new list of possibles.
Whats your static routing configuration ?
Do you have any policy routing setup ?
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Not applicable
Created on 06-21-2006 03:34 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here we go again. Power is back; we have restarted the firewall & exactly the same problems.
Static :
IP Mask Gateway Device Distance
0.0.0.0 0.0.0.0 isp2 gateway address wan2 10
0.0.0.0 0.0.0.0 isp1 gateway address wan1 10
Policy :
# Incoming Outgoing Source Destination
14 internal dmz1 0.0.0.0 / 0.0.0.0 172.21.0.0 / 255.255.0.0 [Delete] [Edit] [Move To]
1 internal wan1 10.1.1.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
2 internal wan1 10.1.2.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
6 internal wan1 10.1.6.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
7 internal wan1 10.1.11.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
8 internal wan1 10.1.12.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
9 internal wan1 10.1.13.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
10 internal wan1 10.1.14.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
11 internal wan1 10.1.15.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
12 internal wan1 10.1.16.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
13 internal wan1 10.1.17.0 / 255.255.255.0 0.0.0.0 / 0.0.0.0 [Delete] [Edit] [Move To]
3 internal wan2 10.1.0.0 / 255.255.0.0 0.0.0.0 / 0.0.0.0
I hope that can help you help me !!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Move the Wan2 static route entry down in the list.
if that doesnt fix it, take out the wan2 entry and the policy route entry wan2 to see what happens, most definately a routing issue then.
Also ensure you have the ping server options configured in the wan1 and wan2 interface settings, so they can detect a link down.
probably the power failures are causing ping pongs between the links.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Not applicable
Created on 06-21-2006 03:57 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Wow !!
You are a GURU. Thanks a TON.
I just changed the distance of wan2 static route from 10 to 12 to indicate its the second choice & it is working like a rocket now.
All updates done in under 2 minutes.
One question. Will this affect my policy based routes? As you can see from the policy routes I posted I want only certain subnets to go through wan1 & all others through wan2.
Not applicable
Created on 06-21-2006 04:17 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well I am sorry to report that although wan1 is now working fine( with the changed statis route distance), browsing through wan2 has stopped.
Any ideas?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you do not change the distance, just the order of the routes (ie have wan1 at the top, not wan2). Changing the distance would effectively make the wan2 a backup link only.
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Not applicable
Created on 06-21-2006 04:30 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any particular reason why wan2 should be in second position?
Right now I am changing the static routes positions. But if you can explain the question above it would be help me clear up my understanding.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this makes wan1 the primary link, and will be used for the updates and should then respond to pings. And hopefully resolve the issue.
Normally, you would create wan1 and wan2 with same distances, then only have policy routes for traffic that you want ' forced' down wan2. So you would then not need the wan1 entries in the policy routing.
There has to be a default wan connection, its a bit unclear i know. its also unpredictable sometimes, so if you can do without using wan2 altogether, except in case of a backup, thats even better..... 
UK Based Technical Consultant
FCSE v2.5
FCSE v2.8
FCNSP v3
Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising
in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT
experience.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,706 -
FortiClient
1,766 -
5.2
801 -
FortiManager
729 -
5.4
639 -
FortiAnalyzer
558 -
FortiSwitch
475 -
FortiAP
473 -
FortiClient EMS
434 -
6.0
416 -
5.6
362 -
FortiMail
318 -
6.2
251 -
SSL-VPN
246 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
FortiWeb
205 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
104 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
82 -
Customer Service
79 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
46 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
Virtual IP
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
FortiGate-VM
13 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1713 | |
| 1093 | |
| 752 | |
| 447 | |
| 231 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.