Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Freederic
New Contributor

Created on ‎04-15-2023 11:24 AM Edited on ‎04-15-2023 11:28 PM

Fortigate block proxmox update

Hi,

 

I had a trouble ... or ignorance about a strange behavior.

My hardware installation :

FTG60D Situation.jpg

The setup of the Fortigate 60D is the basic setup from reset and upgrade firmware to 6.0.16.

 

So, On the debian station, i can update and install new packages.

On the proxmox PC, these features are blocked by fortigate :

 

root@pve:~# apt update
Err:1 http://ftp.fr.debian.org/debian bullseye InRelease
Temporary failure resolving 'ftp.fr.debian.org'
Err:2 http://security.debian.org bullseye-security InRelease
Temporary failure resolving 'security.debian.org'

...etc...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
2 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://ftp.fr.debian.org/debian/dists/bullseye/InRelease Temporary failure resolving 'ftp.fr.debian.org'
W: Failed to fetch http://ftp.fr.debian.org/debian/dists/bullseye-updates/InRelease Temporary failure resolving 'ftp.fr.debian.org'
W: Failed to fetch http://security.debian.org/dists/bullseye-security/InRelease Temporary failure resolving 'security.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@pve:~#

 

Please, advice.

Frederic

 

Labels:
1648
0 Kudos
4 REPLIES 4
abarushka
Staff
Staff

Created on ‎04-16-2023 02:08 AM

Hello,

 

It looks like there is an issue with DNS: "Temporary failure resolving 'ftp.fr.debian.org'". I would recommend to check whether ftp.fr.debian.orgsecurity.debian.org can be resolved.

FortiGate
1605
0 Kudos
Freederic
New Contributor
In response to abarushka

Created on ‎04-16-2023 02:37 AM

Thanks for your answer, but,

I ran this 'source' on another PC (linux debain too) without probleme.

whatever, I change this source to http://deb.debian.org, which is running on the second debian PC and got same trouble on the Proxmox PC.

 

My DNS "server" are the same on each PC I have : the internet ISP box : at 192.168.1.1 I test with Google DNS 8.8.8.8

Problem ONLY on this new installed Proxmox PC... which is running updates when I connect it directly on the ISP box.

 

As these PC are on the same range (172.xx.xx.xx) and I can access from th debian workstation to the Proxmox shares ...

that's why these tests make me think that the fortigate is blocking the "proxmox" station ... But, keep in mind, I a really newbee on fortigate and firewalls.

1601
0 Kudos
abarushka
Staff
Staff

Created on ‎04-16-2023 05:19 AM

Hello,

 

You may consider to sniff traffic "diagnose sniffer packet any 'host <source IP address>' 6 0 a", try to reproduce the issue, convert text to pcap file and check DNS resolution and http traffic flow (i.e. ftp.fr.debian.org) .

FortiGate
1596
0 Kudos
Freederic
New Contributor
In response to abarushka

Created on ‎04-17-2023 11:02 AM

Hi,
After hours to search about theses advices, I understood my knowedges are so limited. So, I go back to my small netgear switch with its configuration... nonexistent.

May be I need to read lot of pages to understand what I do and what I have to do.

Regards and thanks again.

1536
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.