I have rebooted and error is Fortigate cloud not managed ..... the model is Fortinet F-60 with firmware 7.4.6

That would be just nortification if you're not using FortiGate Cloud since by default any FGT tries to connec to FortiCloud. So it's not giving you any clue why user can't get through the FGT and browse the internet. If urgent, again, call in TAC.

Otherwise, you need to go through troubleshooting using CLI starting with 1) sniffing if the traffic is getting through but not getting replies from the internet. If not going out, 2) run flow debugging to find out why the FGT is dropping the traffic. and so on.

Toshi

Hi @ADDING ,

First of all, let's use the correct term:  Your FortiGate is FGT 60F, not Fortinet F-60.

If you have created a correct firewall policy, FGT will allow traffic to the Internet even if there is no valid license.

So please:

1) Share your firewall policy allowing users for Internet access;

2) Run a sniffer capture to confirm whether the traffic leaving FGT or not (Assume you have a PC with IP x.x.x.x and test it with Ping):

diag sniffer packet any 'host x.x.x.x and icmp' 4 

Please do NOT test it with a continuous Ping.

If you see ICMP echo request leaving FGT with your WAN interface IP or an IP pool address you configured, this is not a FGT issue;

If you see ICMP echo request leaving FGT with your client IP, this might be due to no NAT in the firewall policy.

If you see ICMP echo request coming to FGT but not leaving FGT,  this might be something denying the traffic on FGT.  Please run debug flow commands for more details with the following CLI commands:

diag debug flow show iprope enable

diag debug flow filter proto 1

diag debug flow filter addr 4.2.2.2   // Assuming you are pinging 4.2.2.2

diag debug flow trace start 20

diag deubg enable

Then Ping to 4.2.2.2.  Again, please do NOT run continuous Ping.