MidwestOpe
New Contributor

No Internet with static IP - FortiSwitch 108F

Hi guys,

 

You'll have to bear with me here - it's been a while since I've done networking. Anyways, we recently picked up a FortiSwitch 108F and I'm having the hardest time getting it to be able to reach out to the internet when I configure a static IP.

 

When I set it to DHCP, it'll show up in FortiLAN and will show me a green FortiCloud icon in the dashboard of the GUI. When I set it to static, I lose NTP, FortiCloud access, (no doubt other things) and devices plugged in no longer have internet access.

 

What's confusing to me is when I use DHCP I can have it pull the default gateway from the "server", but changing it to static removes that option.

 

I've also tried setting a default route to 0.0.0.0/0 when using the static IP and pointing it to our router, but no dice (also, the only 2 options in device are None and internal??).

 

Thanks in advance for your support!

9 REPLIES
adambomb1219
Contributor III

If I understand your question correctly, you need to set up a static default gateway to the same gateway that is provided by your DHCP server.

gfleming
Staff

Definitely sounds like a misconfigured default route. May I ask why you don't want to just use DHCP?


If you're configuring static IP can you first check that you can ping the default gateway IP address after configuring the static IP?

 

Next you can configure the default route using that gateway IP.

 

Are you sure you're pointing to the same default router as you get assigned in the DHCP lease?

Cheers,
Graham
MidwestOpe

Hi there. We could use DHCP, but we have a separate subnet for statically configured network devices. 

 

Do you ping the gateway via \router\diagnostic ? Attaching the ping result, as far as I can tell, it succeeds. I've also attached screenshots of my options when selecting static & DHCP IPs for my internal interface as well as the static route.

 

10.101.1.1 is the same gateway that our DHCP server leases out, so I don't see why I'm getting issues when setting a single, static route with a destination of 0.0.0.0/0 to point to the same gateway address.

 

 

[Screenshot: ping results]

[Screenshot: no gateway option for static IP]

[Screenshot: single, default route]

[Screenshot: gateway option shows up when selecting DHCP]

 

gfleming

Ah I wonder if you're missing DNS configuration too... that would be a requirement for the switch to reach FortiLAN Cloud. Can you configure the DNS servers and test again?

Cheers,
Graham
MidwestOpe

DNS is configured as follows...a quick google leads me to believe they're pre-programmed Fortinet DNS servers:

208.91.112.53

208.91.112.52

gfleming

Does the separate subnet for statically assigned devices have the correct firewall policies in place to access the internet from that subnet? What does a traceroute to 1.1.1.1 look like from the switch when it has the static IP configured on it?

 

Also I assume you are changing the VLAN on the upstream switch port when you're switching between the DHCP subnet and the static IP subnet? If you change from DHCP to static IP on the switch without changing its port's VLAN assignment it won't work. That's really obvious but I have to check. :)

Cheers,
Graham
AndyNZ
New Contributor III

Hi MidWestOpe,

 

I'm sorry if I seem a little confused but this is a FortiSwitch- where does it sit in your network?

 

Do you have a router (maybe provided by the internet service provider?) between the switch and the internet?

 

Are you able to provide a quick diagram of the network and its IP addresses?

 

As it's a layer 2 switch it should be easy to connect it to your router and statically set an IP address within the range of the router interface. You shouldn't really need to worry about default routes or gateways.

 

Kind Regards,

 

 

Andy.

Andy Bailey, Christchurch, New Zealand
MidwestOpe

Hey Andy, I'm with you - I feel like I should have just been able to jump on the GUI, change the password, IP & hostname and have it "just work". 

 

ISP's Router -> DMZ switch -> our firewall (public IP) -> internal network switch  -> Fortinet switch. 

MidwestOpe
New Contributor

For anyone else with this issue, it turns out our time server (internal) wasn't working right, which couldn't update the time...which made the certificate validation fail when resolving Fortiswitch-dispatch.forticloud.com. I updated the time server to a public one and it started working & verified the DNS server programmed in could resolve the necessary fqdn.
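
The failure mode described in the post above (a device clock that never synced makes a valid certificate look invalid), as an added example that is not part of the thread. It parses the transmit timestamp from an SNTP server reply and separates "clock is wrong" from "certificate is actually invalid"; the function names, packet, dates and certificate window are all constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
UTC = timezone.utc

def sntp_transmit_time(packet: bytes) -> datetime:
    """Extract the server's transmit timestamp from a 48-byte (S)NTP reply."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    mode, stratum = packet[0] & 0x07, packet[1]
    if mode != 4 or stratum == 0:  # not a server reply, or stratum 0 (unspecified)
        raise ValueError("unusable NTP reply")
    secs, frac = struct.unpack("!II", packet[40:48])
    return datetime.fromtimestamp(secs - NTP_UNIX_DELTA + frac / 2**32, tz=UTC)

def diagnose(device_now, reference_now, not_before, not_after,
             tolerance=timedelta(minutes=5)):
    """Classify a validity check using the device clock and a trusted clock."""
    def valid_at(t):
        return not_before <= t <= not_after
    if valid_at(device_now):
        skewed = abs(device_now - reference_now) > tolerance
        return "ok-but-skewed" if skewed else "ok"
    if valid_at(reference_now):
        return "clock-skew"           # certificate is fine, the device clock is not
    return "certificate-invalid"      # outside the window even at the true time

def build_reply(t: datetime, stratum: int = 2) -> bytes:
    """Constructed sample input: a minimal server reply carrying time t."""
    secs = int(t.timestamp()) + NTP_UNIX_DELTA
    return struct.pack("!BBbb11I", 0x24, stratum, 6, -20, *([0] * 9), secs, 0)

# Constructed values, not taken from the thread.
REFERENCE = datetime(2024, 6, 1, 12, 0, tzinfo=UTC)    # what a working NTP server says
DEVICE = datetime(2000, 1, 1, tzinfo=UTC)              # device clock that never synced
NOT_BEFORE = datetime(2023, 1, 1, tzinfo=UTC)          # hypothetical server certificate
NOT_AFTER = datetime(2025, 1, 1, tzinfo=UTC)

if __name__ == "__main__":
    ref = sntp_transmit_time(build_reply(REFERENCE))
    print("reference time:", ref.isoformat())
    print("verdict:", diagnose(DEVICE, ref, NOT_BEFORE, NOT_AFTER))
```
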
