Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Freederic
New Contributor

Fortigate block proxmox update

Hi,

 

I had a trouble ... or ignorance about a strange behavior.

My hardware installation :

FTG60D Situation.jpg

The setup of the Fortigate 60D is the basic setup from reset and upgrade firmware to 6.0.16.

 

So, On the debian station, i can update and install new packages.

On the proxmox PC, these features are blocked by fortigate :

 

root@pve:~# apt update
Err:1 http://ftp.fr.debian.org/debian bullseye InRelease
Temporary failure resolving 'ftp.fr.debian.org'
Err:2 http://security.debian.org bullseye-security InRelease
Temporary failure resolving 'security.debian.org'

...etc...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://ftp.fr.debian.org/debian/dists/bullseye/InRelease Temporary failure resolving 'ftp.fr.debian.org'
W: Failed to fetch http://ftp.fr.debian.org/debian/dists/bullseye-updates/InRelease Temporary failure resolving 'ftp.fr.debian.org'
W: Failed to fetch http://security.debian.org/dists/bullseye-security/InRelease Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@pve:~#

 

Please, advice.

Frederic

 

4 REPLIES 4
abarushka
Staff
Staff

Hello,

 

It looks like there is an issue with DNS: "Temporary failure resolving 'ftp.fr.debian.org'". I would recommend to check whether ftp.fr.debian.orgsecurity.debian.org can be resolved.

FortiGate
Freederic

Thanks for your answer, but,

I ran this 'source' on another PC (linux debain too) without probleme.

whatever, I change this source to http://deb.debian.org, which is running on the second debian PC and got same trouble on the Proxmox PC.

 

My DNS "server" are the same on each PC I have : the internet ISP box : at 192.168.1.1 I test with Google DNS 8.8.8.8

Problem ONLY on this new installed Proxmox PC... which is running updates when I connect it directly on the ISP box.

 

As these PC are on the same range (172.xx.xx.xx) and I can access from th debian workstation to the Proxmox shares ...

that's why these tests make me think that the fortigate is blocking the "proxmox" station ... But, keep in mind, I a really newbee on fortigate and firewalls.

abarushka
Staff
Staff

Hello,

 

You may consider to sniff traffic "diagnose sniffer packet any 'host <source IP address>' 6 0 a", try to reproduce the issue, convert text to pcap file and check DNS resolution and http traffic flow (i.e. ftp.fr.debian.org) .

FortiGate
Freederic

Hi,
After hours to search about theses advices, I understood my knowedges are so limited. So, I go back to my small netgear switch with its configuration... nonexistent.

May be I need to read lot of pages to understand what I do and what I have to do.

Regards and thanks again.

Labels
Top Kudoed Authors