Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

I can´t access the internet on the LAN

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Translated by Bing:[/style][/style]


[style="vertical-align: inherit;"][style="vertical-align: inherit;"]I have a FortiWifi 61E with the firmware v 6.0.2 and connected the Fortigate to the WAN for Internet access (the Fortigate has internet Access) and LAN connected a laptop computer. From the LAN I can not access the internet, I have everything well configured but in the policies of IPv4, which comes by default, denying everything seems to be the one that is taking away the Internet access. I've created two policies that are up and say they accept all the traffic coming from my LAN to the Internet. In origin, is a group that I created with the IP of my internal network and the destination is an address I created pointing to the IP range that is the router, which is different from the Intranet. Do you know what the problem is that it does not navigate on the laptop? The laptop says it has Internet access because the Internet icon shows Internet access, It doesn't seem to be limited.[/style][/style]


[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Original text:[/style][/style]


[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Tengo un FortiWifi 61E con el firmware v6.0.2 y conecté el Fortigate a la WAN para el acceso a Internet (el fortigate tiene acceso a Internet) y por LAN conecté una computadora portátil.[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]Desde la LAN no puedo acceder a Internet, tengo todo bien configurado pero en las Políticas de IPv4, la que viene por defecto, negando todo parece ser la que me está quitando el acceso a Internet.[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]He creado dos políticas que están arriba y dicen que aceptan todo el tráfico que viene de mi LAN a Internet. [/style][/style] [style="vertical-align: inherit;"][style="vertical-align: inherit;"]En origen, es un grupo que creé con la IP de mi red interna y el destino es una dirección que creé apuntando al rango de IP que es el enrutador, que es diferente de la intranet.[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]¿Sabes cuál puede ser el problema que no navega en la computadora portátil?[/style][/style]

[style="vertical-align: inherit;"][style="vertical-align: inherit;"]La computadora portátil dice que tiene acceso a Internet ya que el ícono de Internet muestra acceso a Internet, no parece estar limitado.[/style][/style]


Did you enable NAT on the outbount internet policy?


It should be:


Source-Interface: your LAN

Destination-Interface: your WAN (where your internet is)

Source: your LAN Subnet

Destination: any

Service: any

NAT: enabled using ip of destination interface (DNAT)


Clients in your LAN then have to have the Fortigate (i.e. its LAN ip) as default gateway plus at least one valid dns server.


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Yes, I have DNAT activated with the following configuration:

Interface: Any IP Address / External Range: - (Range to go online) IP address / Range IP mapped: - (IP of the intranet)

Optional filters: Disabled Port forwarding: disabled


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors