- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 100F Cannot access internet
Hi,
I am new to the fortigae 100F. I am trying to setup my laptop to access the internet. My issue is that from my laptop, i can ping 8.8.8.8 but i cannot surf any of the webpage.
Does anyone have any idea what could be the most possible issue?
Secondly, i discovered this firewall rule that cannot be deleted. Will this rule does anything?
Really hope someone can enlighten me, Thanks
Solved! Go to Solution.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @rayha
You laptop need to have access to your DNS server. For example, if you are using 192.0.0.1 and it is hosted internally within your network, you need to ensure that after connecting the laptop behind FortiGate, you are still able to access ping or perform nslookup with the DNS server you configured. If I'm not mistaken, after you configure the DNS and IP manually, the access to the DNS server is not in place, hence you can't resolve to fortinet.com and unable to ping through it.
You can also manually change the DNS on your laptop to any of the public DNS Servers such as 8.8.8.8 and 8.8.4.4 to verify if the access is working. If it is, access to your internal DNS server will need to be checked.
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You cannot delete/modify the Implicit Deny policy, this is for the traffic/packets not matching any policies.
Regarding internet access issue, can you make sure the firewall policy is allowing DNS (if you are using external DNS) and HTTP/HTTPS?
Also, please check the forward traffic logs to see if there are any reason for dropping the browsing traffic.
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suraj,
Thank for the reply.
I had only one firewall rule as show below.
I had choose all for the services.
Just now i use my desktop Whatapps and managed to send out message to other party.
But still cannot surf internet.
I check the forward log and nothing special show up there.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Whats your DNS IP configured? Are you able to resolve domain names?
Can you perform "ping fortinet.com" from command line of your PC and share the result?
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suraj,
My setup is simple.
Internet => Internet Provider Router => Fortigate => laptop
For testing purpose, i am using the fortiguard servers. You may see the below screenshot
This is the result from the ping
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suraj,
My bad. The ping result is as followed. Not successfully.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like the name resolution is not working. Can you check your DNS ? May be change it to 8.8.8.8 and then test it.
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suraj,
When you mention change your DNS to 8.8.8.8. Does it mean what i show in the diagram below?
If yes, the outcome is still the same.
Actually, if i bypass the firewall and connect between my internet provider router and laptop, i can ping the fortinet.com.
But when i put back the firewall, i cannot ping the fortinet.com.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, this is DNS for fortigate. We need to check the DNS on your PC. Please run "ipconfig/all" to see DNS servers configured on your PC. If there is no DNS, please configure the same and test.
How do you get the IP on your machine? Manual configuration on DHCP from Fortigate? if DHCP from Fortigate, please check the DHCP configuration on Fortigate under interfaces to see the DNS specified.
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Suraj,
It works when i use DHCP and configure my DNS address with it. But if i am not using DHCP, is there any way to make it work? Let say my DNS server is 192.0.0.1.
Currently, i am manually configure my laptop IP address (192.168.40.51) and same is done for the Port 1 interface of the firewall (192.168.40.50). For this setup, i had problem in pinging the fortinet.com.