Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Fortigate 60F: Clients Lose Internet Despite Firew...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 60F: Clients Lose Internet Despite Firewall Ping Success
Hi,
We are using a Fortigate 60F firewall and we have recently experienced internet unavilability issue which was automatically solved with a firewall restart in one case. Our setup includes four internet connections from different ISP's . We have SD-WAN rules for certain websites /services and some PC's are included in policy route rule so that they always use specific WAN interfaces.
The first time the issue occurred was , we had configured the firewall in Performace SLA to ping an IP such as 8.8.8.8. This Performace SLA rule would ping the mentioned IP from each internet interface to monitor its health for SD-WAN balancing. If the IP is unpingable from certain WAN interface then it makes the link as inactive. However, while the firewall was able to ping 8.8.8.8, the client PCs had no internet access.
On the client PC's which are included in Policy route we have added 2 ping automation tasks , one for 8.8.8.8 and another to ping google.com . The logs from those PC's had no request timeout for 8.8.8.8 ping , while it showed request timeouts for google.com on the same day, time and PC. We restarted the firewall but the issue was not solved. Eventually it got auto-resolved after we removed some WAN conenctions from Firewall and connected it to our network, in the same time we changed the IP address of Firewall so that the same IP could be added to removed WAN connection router for users to access internet . Later we checked the firewall internets it was working .
The second time it happened, we had set the firewall to ping google.com instead of 8.8.8.8 in the Performace SLA tab. When the issue occurred, the PCs using policy routes maintained internet connectivity without problems, but those configured with SD-WAN rules and Other clients who do not match the Policy route rules had no internet. Restarting the firewall resolved the issue this time.
But in this case at 4:39 AM all the WAN connection interfaces were made as down by the Firewall since it could not access google.com from those WAN's. But PC's mentioned in policy route were not affected with internet problem as we checked the ping logs and we did not find any request timeouts.
The problem seems very random, and None of the 4 internets had any issues as confirmed by the ISP's and we would like to know if anyone else has experienced the same issue or has suggestions on how to address it.
Any input is greatly appreciated.
Thank you.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
any recent updates on the FortiGate of the FortiOS ? what firmware are you running on it ?
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are currently running v7.2.11 build 1740 ( Mature ) in Fortigate 60F.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SD-WAN can go wrong in so many ways. But I would first check the DNS... What DNS servers are you using on the FortiGate and on the clients?
Also, can you describe/post the configuration of your Performance SLA rule(s) and SD-WAN Rule(s)?
NSE 7
All oppinions/statements written here are my own.
NSE 7
All oppinions/statements written here are my own.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DNS values are used as 8.8.8.8 and 8.8.4.4 in System DNS of Fortigate. For the clients we have DC IP addresses , followed by 8.8.8.8 and 8.8.4.4 .
We have set Performance SLA rule(s) and SD-WAN Rules(s) as following:
firewall # show system sdwan
config system sdwan
set status enable
set load-balance-mode weight-based
config zone
edit "virtual-wan-link"
next
end
config members
edit 2
set interface "wan2"
set gateway 192.168.x.x
set priority 5
next
edit 4
set interface "internal5"
set gateway 192.168.x.x
set weight 3
next
edit 5
set interface "internal4"
set gateway 192.168.x.x
set weight 3
next
edit 6
set interface "internal3"
set gateway 192.168.x.x
set weight 2
set priority 2
next
edit 7
set interface "internal2"
set gateway 192.168.x.x
set priority 4
next
end
config health-check
edit "Test_Firewall_rule"
set server "cloudflare.com" "www.google.co.in"
set protocol http
set failtime 12
set recoverytime 4
set members 7 4 6 2 5
next
end
config service
edit 1
set name "forum_StaticIP"
set dst "Forum Access"
set src "all"
set priority-members 6 4 5
next
edit 2
set name "Servers-Whitelist"
set dst "Servers List"
set src "all"
set priority-members 4 5 6 7
next
edit 9
set name "Traces_site"
set dst "Traces_sites"
set src "all"
set priority-members 2 6 5
next
edit 7
set name "VPC_test1_nonstatic"
set dst "all"
set src "VPC-Test1 IP"
set priority-members 2
next
edit 10
set name "Other_Server_LoadBalence"
set dst "all"
set src "PC135 ip" "PC88 IP" "vpc_cloud"
set priority-members 4 5 6
next
edit 11
set name "PCs_Load_Balance"
set dst "all"
set src "PC101" "PC40" "PC97" "PC138"
set priority-members 4 5 6
next
edit 12
set name "SMS_API_rule"
set dst "all"
set src "PC163 ip" "PC12ip" "PC110 IP"
set priority-members 4 5 6
next
edit 13
set name "Load_Balance"
set dst "Test"
set src "all"
set priority-members 5 6
next
end
end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh, one more question - very important: what FortiOS version are you using on your FGT-60F?
NSE 7
All oppinions/statements written here are my own.
NSE 7
All oppinions/statements written here are my own.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are currently running v7.2.11 build 1740 ( Mature ) in FortiGate 60F.
Labels
-
FortiGate
10,666 -
FortiClient
2,172 -
FortiManager
896 -
5.2
687 -
FortiAnalyzer
683 -
5.4
638 -
FortiSwitch
590 -
FortiClient EMS
569 -
FortiAP
562 -
IPsec
424 -
6.0
416 -
SSL-VPN
385 -
FortiMail
374 -
5.6
362 -
FortiNAC
288 -
FortiWeb
253 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
198 -
FortiAuthenticator
180 -
FortiGuard
160 -
5.0
152 -
Firewall policy
145 -
FortiGate-VM
134 -
6.4
128 -
FortiCloud Products
116 -
FortiToken
114 -
FortiSIEM
113 -
FortiGateCloud
112 -
Wireless Controller
95 -
Customer Service
88 -
High Availability
87 -
FortiProxy
78 -
ZTNA
77 -
Routing
75 -
SAML
74 -
Fortivoice
73 -
DNS
72 -
VLAN
72 -
BGP
70 -
FortiEDR
69 -
Authentication
69 -
FortiADC
68 -
Certificate
66 -
RADIUS
62 -
LDAP
61 -
fortilink
57 -
SSO
54 -
NAT
54 -
FortiSandbox
53 -
FortiExtender
52 -
4.0MR3
49 -
vdom
48 -
Interface
46 -
Application control
46 -
FortiDNS
43 -
Logging
41 -
Virtual IP
41 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiPAM
37 -
SSL SSH inspection
36 -
FortiConnect
35 -
Web profile
35 -
Automation
33 -
FortiWAN
31 -
FortiConverter
30 -
FortiGate v5.2
28 -
Traffic shaping
26 -
API
26 -
Static route
26 -
SNMP
25 -
SSID
25 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
Fortigate Cloud
23 -
System settings
22 -
WAN optimization
21 -
FortiMonitor
20 -
OSPF
20 -
Security profile
19 -
Web rating
19 -
FortiSoar
18 -
Web application firewall profile
18 -
IP address management - IPAM
18 -
FortiGate v5.0
16 -
FortiDDoS
16 -
Explicit proxy
16 -
FortiAP profile
16 -
Admin
15 -
IPS signature
15 -
Proxy policy
15 -
Intrusion prevention
15 -
FortiCASB
14 -
NAC policy
14 -
FortiManager v4.0
13 -
DNS filter
13 -
FortiManager v5.0
12 -
FortiDeceptor
12 -
users
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiBridge
11 -
FortiRecorder
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
Trunk
10 -
Traffic shaping profile
10 -
Authentication rule and scheme
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
Application signature
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiCarrier
5 -
FortiNDR
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiAI
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2624 | |
| 1393 | |
| 804 | |
| 670 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.