Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rayha
New Contributor III

Fortigate 100F Cannot access internet

Hi,

     I am new to the fortigae 100F. I am trying to setup my laptop to access the internet. My issue is that from my laptop, i can ping 8.8.8.8 but i cannot surf any of the webpage.

 

   Does anyone have any idea what could be the most possible issue? 

 

   Secondly, i discovered this firewall rule that cannot be deleted. Will this rule does anything?

 

Screenshot 2024-01-08 134944.jpg   Really hope someone can enlighten me, Thanks

 

1 Solution
kcheng

Hi @rayha 

 

You laptop need to have access to your DNS server. For example, if you are using 192.0.0.1 and it is hosted internally within your network, you need to ensure that after connecting the laptop behind FortiGate, you are still able to access ping or perform nslookup with the DNS server you configured. If I'm not mistaken, after you configure the DNS and IP manually, the access to the DNS server is not in place, hence you can't resolve to fortinet.com and unable to ping through it.

 

You can also manually change the DNS on your laptop to any of the public DNS Servers such as 8.8.8.8 and 8.8.4.4 to verify if the access is working. If it is, access to your internal DNS server will need to be checked.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

18 REPLIES 18
srajeswaran
Staff
Staff

You cannot delete/modify the Implicit Deny policy, this is for the traffic/packets not matching any policies.

Regarding internet access issue, can you make sure the firewall policy is allowing DNS (if you are using external DNS) and HTTP/HTTPS?

Also, please check the forward traffic logs to see if there are any reason for dropping the browsing traffic.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
rayha
New Contributor III

Hi Suraj,

         Thank for the reply.

         I had only one firewall rule as show below.

         I had choose all for the services.

     

       Screenshot 2024-01-08 134944.jpg

     Just now i use my desktop Whatapps and managed to send out message to other party. 

     But still cannot surf internet.

     I check the forward log and nothing special show up there. 

srajeswaran

Whats your DNS IP configured? Are you able to resolve domain names?

Can you perform "ping fortinet.com" from command line of your PC and share the result?

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
rayha
New Contributor III

Hi Suraj,

       My setup is simple.

Internet => Internet Provider Router => Fortigate => laptop   

 

       For testing purpose, i am using the fortiguard servers. You may see the below screenshot

 

    Screenshot 2024-01-08 150347.jpg

This is the result from the ping

Screenshot 2024-01-08 150231.jpg

rayha
New Contributor III

Hi Suraj,

 

    My bad. The ping result is as followed. Not successfully.

Screenshot 2024-01-08 150231.jpg

srajeswaran

Looks like the name resolution is not working. Can you check your DNS ? May be change it to 8.8.8.8 and then test it.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
rayha
New Contributor III

Hi Suraj,

 

    When you mention change your DNS to 8.8.8.8. Does it mean what i show in the diagram below?

Screenshot 2024-01-08 150231.jpg

 

If yes, the outcome is still the same.

Actually, if i bypass the firewall and connect between my internet provider router and laptop, i can ping the fortinet.com. 

But when i put back the firewall, i cannot ping the fortinet.com. 

srajeswaran

No, this is DNS for fortigate. We need to check the DNS on your PC. Please run "ipconfig/all" to see DNS servers configured on your PC. If there is no DNS, please configure the same and test.
How do you get the IP on your machine? Manual configuration on DHCP from Fortigate? if DHCP from Fortigate, please check the DHCP configuration on Fortigate under interfaces to see the DNS specified.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
rayha
New Contributor III

Hi Suraj,

 

      It works when i use DHCP and configure my DNS address with it. But if i am not using DHCP, is there any way to make it work? Let say my DNS server is 192.0.0.1. 

 

     Currently, i am manually configure my laptop IP address (192.168.40.51) and same is done for the Port 1 interface of the firewall (192.168.40.50). For this setup, i had problem in pinging the fortinet.com.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors