Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rayha
New Contributor III

Created on ‎01-07-2024 09:53 PM

Fortigate 100F Cannot access internet

Hi,

     I am new to the fortigae 100F. I am trying to setup my laptop to access the internet. My issue is that from my laptop, i can ping 8.8.8.8 but i cannot surf any of the webpage.

 

   Does anyone have any idea what could be the most possible issue? 

 

   Secondly, i discovered this firewall rule that cannot be deleted. Will this rule does anything?

 

Screenshot 2024-01-08 134944.jpg   Really hope someone can enlighten me, Thanks

 

Labels:
1984
0 Kudos
1 Solution
kcheng
Staff
Staff
In response to rayha

Created on ‎01-08-2024 10:56 PM

Hi @rayha 

 

You laptop need to have access to your DNS server. For example, if you are using 192.0.0.1 and it is hosted internally within your network, you need to ensure that after connecting the laptop behind FortiGate, you are still able to access ping or perform nslookup with the DNS server you configured. If I'm not mistaken, after you configure the DNS and IP manually, the access to the DNS server is not in place, hence you can't resolve to fortinet.com and unable to ping through it.

 

You can also manually change the DNS on your laptop to any of the public DNS Servers such as 8.8.8.8 and 8.8.4.4 to verify if the access is working. If it is, access to your internal DNS server will need to be checked.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

1430
18 REPLIES 18
srajeswaran
Staff
Staff
In response to rayha

Created on ‎01-08-2024 01:52 AM

Is there is a connectivity to 192.0.0.1 from Fortigate? Since 192.0.0.1 is not in same subnet as 192.168.40.50 (assuming 192.168.40. is /24), PC will try to reach the server via Fortigate. can you ping 192.0.0.1 from your PC when connected to Fortigate?

 

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

784
rayha
New Contributor III
In response to srajeswaran

Created on ‎01-08-2024 02:20 AM

Hi Suraj,

 

     Yes. i can ping 192.0.0.1 successfully on both the fortigate CLI command and the laptop's command prompt. 

779
0 Kudos
srajeswaran
Staff
Staff
In response to rayha

Created on ‎01-08-2024 03:46 AM

As per firewall route table, 192.0.0.1 is reachable via wan1? if not you need a new firewall policy from port1 to the port through which 192.0.0.1 is reachable and allow DNS .

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

762
rayha
New Contributor III
In response to srajeswaran

Created on ‎01-08-2024 07:33 PM

Hi Suraj,

    

      192.0.0.1 is reachable via wan1.

      192.0.0.1 is actually my internet provider router IP address. 

 

     The firewall policy rule that you mention is it something similar as showed below?

test1.jpg

 

740
0 Kudos
srajeswaran
Staff
Staff
In response to rayha

Created on ‎01-09-2024 01:18 AM

The policy looks good, can you take a sniffer as below when pinging fortinet.com from PC.

diagnose sniffer packet any "port 53" 4 100

 

This will help us to confirm if DNS request is reaching/leaving firewall and if there are any response packet.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

712
0 Kudos
rayha
New Contributor III
In response to rayha

Created on ‎01-24-2024 06:06 PM

Hi,

     Sorry for the late reply as i am overseas recently. Thank for your help and appreciate your patience.

 

492
0 Kudos
kcheng
Staff
Staff
In response to rayha

Created on ‎01-08-2024 10:56 PM

Hi @rayha 

 

You laptop need to have access to your DNS server. For example, if you are using 192.0.0.1 and it is hosted internally within your network, you need to ensure that after connecting the laptop behind FortiGate, you are still able to access ping or perform nslookup with the DNS server you configured. If I'm not mistaken, after you configure the DNS and IP manually, the access to the DNS server is not in place, hence you can't resolve to fortinet.com and unable to ping through it.

 

You can also manually change the DNS on your laptop to any of the public DNS Servers such as 8.8.8.8 and 8.8.4.4 to verify if the access is working. If it is, access to your internal DNS server will need to be checked.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
1431
rayha
New Contributor III
In response to kcheng

Created on ‎01-24-2024 06:05 PM

Hi,

     Thank for your reply. 

     As i am overseas recently, only manage to test it out.

     Appreciate your suggestion

 

494
0 Kudos
hhasny
Staff
Staff

Created on ‎01-08-2024 08:39 PM

Hi @rayha ,

Could you take a look at this KB article of step 3 and step 4? Here we can make sure packet is hitting the Fortigate and if Fortigate is forwarding it out.

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

regards,

734
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.