Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
To12
New Contributor

Created on ‎05-07-2023 12:03 PM

I can’t get internet

 

 

Good morning,
I'm trying to configure my fortigate but I can't.... could you help me?

I can't get internet...

I have enabled DMZ on my router. I plugged the fortigate into the DMZ of my SFR router.

my WAN1 is in DHCP, it retrieves an IP from my router: 192.168.1.20/24
I put it in IP STATIC

My LAN1 is at 192.168.100.1, and I activated DHCP on it: 192.168.100.20 - 210

I created a static route:
dynamic gateway: yes
destination: 0.0.0.0/0.0.0.0
interface: WAN1
gateway: 192.168.1.1 (ip of my router)
administrative distance: 10
status: activated

IPV4 rule:
incoming interface: WAN1
output interface: LAN1
source: ALL
Destination: ALL
Scheduling: always
department: ALL
Action: accept
enable NAT: yes
IP pool configuration: use outgoing interface address
enable this policy: yes

anyway, it doesn't work...i don't understand why...
can you help me ?

 

Labels:
1125
0 Kudos
7 REPLIES 7
parteeksharma
Staff
Staff

Created on ‎05-07-2023 12:34 PM

Hi To12,

Please let me know if you are able to reach internet from fortigate? you can check this via initiating the traffic from fortigate cli for 8.8.8.8. Also please share the below command outputs to check:

* Execute the following commands:

get router info routing-table all
get router info routing-table database
get router info routing-table details <next-hop IP address>
get router info routing-table details 8.8.8.8
get sys arp


Regards,
Parteek

1111
0 Kudos
To12
New Contributor
In response to parteeksharma

Created on ‎05-07-2023 12:50 PM

IMG_2442.jpeg

1097
0 Kudos
To12
New Contributor
In response to parteeksharma

Created on ‎05-07-2023 12:54 PM

get router info routing-table all

IMG_2444.jpeg

1091
0 Kudos
To12
New Contributor

Created on ‎05-07-2023 12:49 PM

IMG_2441.jpeg

1098
0 Kudos
FortiNitish
Staff
Staff

Created on ‎05-07-2023 11:55 PM

I could see that you have a route towards the internet through WAN1.

 

Requesting you to collect the debug logs to understand where it is getting dropped

 

diagnose debug enable

diagnose debug flow filter daddr 8.8.8.8

diagnose debug flow filter saddr x.x.x.x    (x.x.x.x is your source PC IP)

diagnose debug flow show function-name enable

diagnose debug flow trace start 1000
diagnose debug enable

 

After running the above commands please try to ping to 8.8.8.8 from the PC.

Please share the collected logs

1037
0 Kudos
tthrilok
Staff
Staff

Created on ‎05-08-2023 12:23 AM

Hi To12,

 

Thank you for the query!

 

I see routing info is correct, however from the ipv4 rule configuration you shared:

 

IPV4 rule:
incoming interface: WAN1  <<<<<<<<<<<<< incoming is WAN1
output interface: LAN1  <<<<<<<<<<<<<<<<< outgoing is LAN1
source: ALL
Destination: ALL
Scheduling: always
department: ALL
Action: accept
enable NAT: yes
IP pool configuration: use outgoing interface address

 

+ From the routing table I see you have route via WAN1 for internet, and I believe your LAN1 is the interface on which you have connected your users.

+ Could you try by interchanging the interfaces.

 

IPV4 rule:
incoming interface: LAN1  <<<<<<<<<<<<< incoming is LAN1
output interface: WAN1  <<<<<<<<<<<<<<<<< outgoing is WAN1
source: ALL
Destination: ALL
Scheduling: always
department: ALL
Action: accept
enable NAT: yes
IP pool configuration: use outgoing interface address

 

+ Please try as above and confirm if your internet is working!

 

Thank you!

Thallapelly Thrilok.

1030
0 Kudos
To12
New Contributor

Created on ‎05-08-2023 01:30 AM

Hello everyone,

thank you for your feedback.

thanks to my new configuration I ping 8.8.8.8 and 8.8.4.4 !!

but I can't access the google web page....
I can't access any web page...

Can you help me please ?

1021
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.