Hi,
I am new to the fortigae 100F. I am trying to setup my laptop to access the internet. My issue is that from my laptop, i can ping 8.8.8.8 but i cannot surf any of the webpage.
Does anyone have any idea what could be the most possible issue?
Secondly, i discovered this firewall rule that cannot be deleted. Will this rule does anything?
Really hope someone can enlighten me, Thanks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @rayha
You laptop need to have access to your DNS server. For example, if you are using 192.0.0.1 and it is hosted internally within your network, you need to ensure that after connecting the laptop behind FortiGate, you are still able to access ping or perform nslookup with the DNS server you configured. If I'm not mistaken, after you configure the DNS and IP manually, the access to the DNS server is not in place, hence you can't resolve to fortinet.com and unable to ping through it.
You can also manually change the DNS on your laptop to any of the public DNS Servers such as 8.8.8.8 and 8.8.4.4 to verify if the access is working. If it is, access to your internal DNS server will need to be checked.
Is there is a connectivity to 192.0.0.1 from Fortigate? Since 192.0.0.1 is not in same subnet as 192.168.40.50 (assuming 192.168.40. is /24), PC will try to reach the server via Fortigate. can you ping 192.0.0.1 from your PC when connected to Fortigate?
Hi Suraj,
Yes. i can ping 192.0.0.1 successfully on both the fortigate CLI command and the laptop's command prompt.
As per firewall route table, 192.0.0.1 is reachable via wan1? if not you need a new firewall policy from port1 to the port through which 192.0.0.1 is reachable and allow DNS .
Hi Suraj,
192.0.0.1 is reachable via wan1.
192.0.0.1 is actually my internet provider router IP address.
The firewall policy rule that you mention is it something similar as showed below?
The policy looks good, can you take a sniffer as below when pinging fortinet.com from PC.
diagnose sniffer packet any "port 53" 4 100
This will help us to confirm if DNS request is reaching/leaving firewall and if there are any response packet.
Hi,
Sorry for the late reply as i am overseas recently. Thank for your help and appreciate your patience.
Hi @rayha
You laptop need to have access to your DNS server. For example, if you are using 192.0.0.1 and it is hosted internally within your network, you need to ensure that after connecting the laptop behind FortiGate, you are still able to access ping or perform nslookup with the DNS server you configured. If I'm not mistaken, after you configure the DNS and IP manually, the access to the DNS server is not in place, hence you can't resolve to fortinet.com and unable to ping through it.
You can also manually change the DNS on your laptop to any of the public DNS Servers such as 8.8.8.8 and 8.8.4.4 to verify if the access is working. If it is, access to your internal DNS server will need to be checked.
Hi,
Thank for your reply.
As i am overseas recently, only manage to test it out.
Appreciate your suggestion
Hi @rayha ,
Could you take a look at this KB article of step 3 and step 4? Here we can make sure packet is hitting the Fortigate and if Fortigate is forwarding it out.
regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1690 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.