Hi guys,
You'll have to bear with me here - it's been a while since I've done networking. Anyways, we recently picked up a FortiSwitch 108F and I'm having the hardest time getting it to be able to reach out to the internet when I configure a static IP.
When I set it to DHCP, it'll show up in FortiLAN and will show me a green FortiCloud icon in the dashboard of the GUI. When I set it to static, I lose NTP, FortiCloud access, (no doubt other things) and devices plugged in no longer have internet access.
What's confusing to me is when I use DHCP I can have it pull the default gateway from the "server", but changing it to static removes that option.
I've also tried setting a default route to 0.0.0.0/0 when using the static IP and pointing it to our router, but no dice (also, the only 2 options in device are None and internal??).
Thanks in advance for your support!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If I understand your question correctly, you need to setup static default gateway to the same gateway that is provided by your DHCP server.
Definitely sounds like a misconfigured default route. May I ask why you don't want to just use DHCP?
If you're configuring static IP can you first check that you can ping the default gateway IP address after configuring the static IP?
Next you can configure the default route using that gateway IP.
Are you sure youre pointing to the same default router as you get assigned in the DHCP lease?
Hi there. We could use DHCP, but we have a separate subnet for statically configured network devices.
Do you ping the gateway via \router\diagnostic ? Attaching the ping result, as far as I can tell, it succeeds. I've also attached screenshots of my options when selecting static & DHCP IPs for my internal interface as well as the static route.
10.101.1.1 is the same gateway that our DHCP server leases out, so I don't see why I'm getting issues when setting a single, static route with a destination of 0.0.0.0/0 to point to the same gateway address.
Ah I wonder if you're missing DNS configuration too... that would be a requirement for the switch to reach FortiLAN Cloud. Can you configure the DNS servers and test again?
DNS is configured as follows...a quick google leads me to believe they're pre-programmed Fortinet DNS servers:
208.91.112.53
208.91.112.52
Does the separate subnet for statically assigned devices have the correct firewall policies in place to access the internet from that subnet? What does a traceroute to 1.1.1.1 look like from the switch when it has the static IP configured on it?
Also I assume you are changing the VLAN on the upstream switch port when you're switching between the DHCP subnet and the static IP subnet? If you change from DHCP to static IP on the switch without changing its port's VLAN asisgnment it won't work. That's really obvious but I have to check. :)
Hi MidWestOpe,
I'm sorry if I seem a little confused but this is a FortiSwitch- where does it sit in your network?
Do you have a router (maybe provided by the internet service provider?) between the switch and the internet?
Are you able to provide a quick diagram of the network and it's IP addresses?
As it's a layer 2 switch it should be easy to connnect it to your router and statically set an IP address within the range of the router interface. You shouldn't really need to worry about default routes or gateways.
Kind Regards,
Andy.
Hey Andy, I'm with you - I feel like I should have just been able to jump on the GUI, change the password, IP & hostname and have it "just work".
ISP's Router -> DMZ switch -> our firewall (public IP) -> internal network switch -> Fortinet switch.
For anyone else with this issue, it turns out our time server (internal) wasn't working right, which couldn't update the time...which made the certificate validation fail when resolving Fortiswitch-dispatch.forticloud.com. I updated the time server to a public one and it started working & verified the DNS server programmed in could resolve the necessary fqdn.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.