Hi,
I am new to the fortigae 100F. I am trying to setup my laptop to access the internet. My issue is that from my laptop, i can ping 8.8.8.8 but i cannot surf any of the webpage.
Does anyone have any idea what could be the most possible issue?
Secondly, i discovered this firewall rule that cannot be deleted. Will this rule does anything?
Really hope someone can enlighten me, Thanks
Solved! Go to Solution.
Hi @rayha
You laptop need to have access to your DNS server. For example, if you are using 192.0.0.1 and it is hosted internally within your network, you need to ensure that after connecting the laptop behind FortiGate, you are still able to access ping or perform nslookup with the DNS server you configured. If I'm not mistaken, after you configure the DNS and IP manually, the access to the DNS server is not in place, hence you can't resolve to fortinet.com and unable to ping through it.
You can also manually change the DNS on your laptop to any of the public DNS Servers such as 8.8.8.8 and 8.8.4.4 to verify if the access is working. If it is, access to your internal DNS server will need to be checked.
You cannot delete/modify the Implicit Deny policy, this is for the traffic/packets not matching any policies.
Regarding internet access issue, can you make sure the firewall policy is allowing DNS (if you are using external DNS) and HTTP/HTTPS?
Also, please check the forward traffic logs to see if there are any reason for dropping the browsing traffic.
Hi Suraj,
Thank for the reply.
I had only one firewall rule as show below.
I had choose all for the services.
Just now i use my desktop Whatapps and managed to send out message to other party.
But still cannot surf internet.
I check the forward log and nothing special show up there.
Whats your DNS IP configured? Are you able to resolve domain names?
Can you perform "ping fortinet.com" from command line of your PC and share the result?
Hi Suraj,
My setup is simple.
Internet => Internet Provider Router => Fortigate => laptop
For testing purpose, i am using the fortiguard servers. You may see the below screenshot
This is the result from the ping
Hi Suraj,
My bad. The ping result is as followed. Not successfully.
Looks like the name resolution is not working. Can you check your DNS ? May be change it to 8.8.8.8 and then test it.
Hi Suraj,
When you mention change your DNS to 8.8.8.8. Does it mean what i show in the diagram below?
If yes, the outcome is still the same.
Actually, if i bypass the firewall and connect between my internet provider router and laptop, i can ping the fortinet.com.
But when i put back the firewall, i cannot ping the fortinet.com.
No, this is DNS for fortigate. We need to check the DNS on your PC. Please run "ipconfig/all" to see DNS servers configured on your PC. If there is no DNS, please configure the same and test.
How do you get the IP on your machine? Manual configuration on DHCP from Fortigate? if DHCP from Fortigate, please check the DHCP configuration on Fortigate under interfaces to see the DNS specified.
Hi Suraj,
It works when i use DHCP and configure my DNS address with it. But if i am not using DHCP, is there any way to make it work? Let say my DNS server is 192.0.0.1.
Currently, i am manually configure my laptop IP address (192.168.40.51) and same is done for the Port 1 interface of the firewall (192.168.40.50). For this setup, i had problem in pinging the fortinet.com.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.