Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Fortigate 60F: Clients Lose Internet Despite Firew...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 60F: Clients Lose Internet Despite Firewall Ping Success
Hi,
We are using a Fortigate 60F firewall and we have recently experienced internet unavilability issue which was automatically solved with a firewall restart in one case. Our setup includes four internet connections from different ISP's . We have SD-WAN rules for certain websites /services and some PC's are included in policy route rule so that they always use specific WAN interfaces.
The first time the issue occurred was , we had configured the firewall in Performace SLA to ping an IP such as 8.8.8.8. This Performace SLA rule would ping the mentioned IP from each internet interface to monitor its health for SD-WAN balancing. If the IP is unpingable from certain WAN interface then it makes the link as inactive. However, while the firewall was able to ping 8.8.8.8, the client PCs had no internet access.
On the client PC's which are included in Policy route we have added 2 ping automation tasks , one for 8.8.8.8 and another to ping google.com . The logs from those PC's had no request timeout for 8.8.8.8 ping , while it showed request timeouts for google.com on the same day, time and PC. We restarted the firewall but the issue was not solved. Eventually it got auto-resolved after we removed some WAN conenctions from Firewall and connected it to our network, in the same time we changed the IP address of Firewall so that the same IP could be added to removed WAN connection router for users to access internet . Later we checked the firewall internets it was working .
The second time it happened, we had set the firewall to ping google.com instead of 8.8.8.8 in the Performace SLA tab. When the issue occurred, the PCs using policy routes maintained internet connectivity without problems, but those configured with SD-WAN rules and Other clients who do not match the Policy route rules had no internet. Restarting the firewall resolved the issue this time.
But in this case at 4:39 AM all the WAN connection interfaces were made as down by the Firewall since it could not access google.com from those WAN's. But PC's mentioned in policy route were not affected with internet problem as we checked the ping logs and we did not find any request timeouts.
The problem seems very random, and None of the 4 internets had any issues as confirmed by the ISP's and we would like to know if anyone else has experienced the same issue or has suggestions on how to address it.
Any input is greatly appreciated.
Thank you.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
any recent updates on the FortiGate of the FortiOS ? what firmware are you running on it ?
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are currently running v7.2.11 build 1740 ( Mature ) in Fortigate 60F.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SD-WAN can go wrong in so many ways. But I would first check the DNS... What DNS servers are you using on the FortiGate and on the clients?
Also, can you describe/post the configuration of your Performance SLA rule(s) and SD-WAN Rule(s)?
NSE 7
All oppinions/statements written here are my own.
NSE 7
All oppinions/statements written here are my own.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DNS values are used as 8.8.8.8 and 8.8.4.4 in System DNS of Fortigate. For the clients we have DC IP addresses , followed by 8.8.8.8 and 8.8.4.4 .
We have set Performance SLA rule(s) and SD-WAN Rules(s) as following:
firewall # show system sdwan
config system sdwan
set status enable
set load-balance-mode weight-based
config zone
edit "virtual-wan-link"
next
end
config members
edit 2
set interface "wan2"
set gateway 192.168.x.x
set priority 5
next
edit 4
set interface "internal5"
set gateway 192.168.x.x
set weight 3
next
edit 5
set interface "internal4"
set gateway 192.168.x.x
set weight 3
next
edit 6
set interface "internal3"
set gateway 192.168.x.x
set weight 2
set priority 2
next
edit 7
set interface "internal2"
set gateway 192.168.x.x
set priority 4
next
end
config health-check
edit "Test_Firewall_rule"
set server "cloudflare.com" "www.google.co.in"
set protocol http
set failtime 12
set recoverytime 4
set members 7 4 6 2 5
next
end
config service
edit 1
set name "forum_StaticIP"
set dst "Forum Access"
set src "all"
set priority-members 6 4 5
next
edit 2
set name "Servers-Whitelist"
set dst "Servers List"
set src "all"
set priority-members 4 5 6 7
next
edit 9
set name "Traces_site"
set dst "Traces_sites"
set src "all"
set priority-members 2 6 5
next
edit 7
set name "VPC_test1_nonstatic"
set dst "all"
set src "VPC-Test1 IP"
set priority-members 2
next
edit 10
set name "Other_Server_LoadBalence"
set dst "all"
set src "PC135 ip" "PC88 IP" "vpc_cloud"
set priority-members 4 5 6
next
edit 11
set name "PCs_Load_Balance"
set dst "all"
set src "PC101" "PC40" "PC97" "PC138"
set priority-members 4 5 6
next
edit 12
set name "SMS_API_rule"
set dst "all"
set src "PC163 ip" "PC12ip" "PC110 IP"
set priority-members 4 5 6
next
edit 13
set name "Load_Balance"
set dst "Test"
set src "all"
set priority-members 5 6
next
end
end
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh, one more question - very important: what FortiOS version are you using on your FGT-60F?
NSE 7
All oppinions/statements written here are my own.
NSE 7
All oppinions/statements written here are my own.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are currently running v7.2.11 build 1740 ( Mature ) in FortiGate 60F.
Labels
-
FortiGate
10,772 -
FortiClient
2,198 -
FortiManager
902 -
5.2
687 -
FortiAnalyzer
687 -
5.4
638 -
FortiSwitch
595 -
FortiClient EMS
578 -
FortiAP
568 -
IPsec
442 -
6.0
416 -
SSL-VPN
390 -
FortiMail
380 -
5.6
362 -
FortiNAC
297 -
FortiWeb
256 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
205 -
FortiAuthenticator
184 -
FortiGuard
161 -
5.0
152 -
Firewall policy
147 -
FortiGate-VM
140 -
6.4
128 -
FortiCloud Products
118 -
FortiToken
114 -
FortiSIEM
113 -
FortiGateCloud
113 -
Wireless Controller
96 -
High Availability
92 -
Customer Service
88 -
FortiProxy
79 -
SAML
77 -
ZTNA
77 -
Routing
76 -
DNS
74 -
Fortivoice
73 -
VLAN
73 -
BGP
72 -
FortiEDR
71 -
Authentication
71 -
FortiADC
69 -
Certificate
69 -
RADIUS
64 -
LDAP
63 -
FortiLink
59 -
SSO
57 -
FortiSandbox
55 -
NAT
55 -
FortiExtender
52 -
VDOM
50 -
4.0MR3
49 -
Interface
49 -
Application control
48 -
Virtual IP
44 -
FortiDNS
43 -
Logging
41 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
SSL SSH inspection
38 -
FortiPAM
37 -
Web profile
36 -
FortiConnect
35 -
Automation
35 -
FortiWAN
31 -
FortiConverter
31 -
API
29 -
FortiGate v5.2
28 -
Traffic shaping
26 -
Static route
26 -
Fortigate Cloud
25 -
SNMP
25 -
SSID
25 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
System settings
22 -
WAN optimization
22 -
FortiMonitor
20 -
OSPF
20 -
Security profile
19 -
Web application firewall profile
19 -
Web rating
19 -
IP address management - IPAM
19 -
FortiSoar
18 -
FortiAP profile
17 -
FortiGate v5.0
16 -
FortiDDoS
16 -
Explicit proxy
16 -
Admin
15 -
IPS signature
15 -
Proxy policy
15 -
Intrusion prevention
15 -
FortiManager v4.0
14 -
FortiCASB
14 -
NAC policy
14 -
DNS filter
13 -
Users
13 -
FortiManager v5.0
12 -
FortiDeceptor
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiBridge
11 -
FortiRecorder
11 -
Authentication rule and scheme
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
Trunk
10 -
Traffic shaping profile
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Application signature
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiNDR
6 -
FortiCarrier
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiEdge Cloud
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiAI
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiInsight
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2679 | |
| 1412 | |
| 810 | |
| 704 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.