My FortiGate 60E has a strange issue. Every 3-5 days internal clients cannot reach WAN-side applications anymore, and a reboot of the FortiGate always fixes the issue.
- ping to public IPs is still possible
- DNS gives timeouts (also from the FortiGate CLI I am not able to ping a hostname)
- Ping from the internet to the WAN interface also gets no reply anymore
- Inbound virtual servers are not reachable anymore
- Inbound IPsec VPN is not reachable anymore
- No issue visible in the event logs (only messages that FortiCloud cannot be reached)
What I did to try to fix it:
- configured SD-WAN -> does not help
- configured SD-WAN WAN failover -> when the issue occurs the health check still reports wan1 as alive. -> when I switch the inbound internet line to the wan2 port, internal users can immediately reach the outside internet. When plugging the line back into wan1, the internet is again unreachable and DNS requests time out.
- Simple setup, multi-VLAN on a single physical interface
- Single internet line, no PPPoE, direct IP connection
- For DNS I use OpenDNS
- Simple IPsec VPN for remote connectivity
- FortiOS 6.2.4
Since when do I have this problem?
- Seems that the issue started 6 weeks ago, after the upgrade to 6.2.4.
- At the same time my 3-year support contract expired, so I am not able to download new/old firmware images... (sorry for that)
- Around the same time my FortiGuard licenses expired, but I did not use FortiGuard.
I captured some CLI output at the moment the issue is active. See attached.
Any ideas what could cause this behavior and how to solve it?