I'm trying to set up a Fortigate 200E at a new remote site with someone there to assist me.
As it was a fresh install, I did not follow the upgrade path, instead getting my remote assistant to upload FGT_200E-v7.4.3.F-build2573-FORTINET.out, and then rebooting, doing an "execute factoryreset", then another reboot for good measure.
I got my assistant to do some initial config: set a secure password, set HTTPS and SSH admin to obscure high ports, and enabled HTTPS and SSH and ping on the WAN1 interface.
WAN1 interface is dhcp enabled, connecting to ISP firewall which is assigning it a private 10.x.x.x address. We requested the ISP to open up these ports on their firewall, so I could remotely log in to continue firewall configuration.
This is where behaviour gets odd.
I can browse to our public IP on the HTTPS port I set, and see the default (insecure) Fortigate certificate, so I know my web traffic is getting through, but I see nothing in the browser, and the browser tab shows a rotating circle indicating it is still trying to load the page.
I can also ssh to the public IP on the SSH port I set.
However, the ssh session appears to hang if I do certain things, and consistently.
For example, if I run "show" command, it hangs always at the same part of the config (near interfaces).
Also, if I try to view firewall event logs, with the following commands, my ssh session consistently freezes:
FortiGate-200E # execute log filter category 1
FortiGate-200E # execute log display
Interestingly, I'm also running Wireshark on my machine, and it looks to me like the Fortigate simply stops responding, rather than my connection dropping, as afterwards, whenever I hit a key in my ssh session, I see my machine sending PSH/ACK packets and the Fortigate responding with ACKs, even though I see nothing on the screen; the TCP session remains up.
I'm wondering whether this could be an ISP issue, but due to the consistency of these 'freezes', I think it's the Fortigate.
This page has a post from someone with very similar issues to me, and the responses suggest corrupted flash:
Since my Fortigate 200E has no hard disk, I believe it stores event logs and config in flash. So could a corruption in flash be the reason my ssh session freezes when trying to display the config or read the event logs?
One final odd thing I don't understand, is that my assistant, who has a machine connected locally to the management port of the Fortigate, can log in fine to the GUI (which must also retrieve the config from flash to display GUI), and even look at event logs in the GUI fine, so doesn't that invalidate my theory?
For the record, this is a new (but 3 years old) boxed firewall that has been sitting in a store-room for 3 years, then shipped literally round the world and back... maybe it just got damaged?
I'm confused. Can I ask what people think?
This sounds like a connectivity issue. If I had to guess, it may be related to MTU size. You can try lowering your WAN link MTU to, let's say, 1300 bytes, and if the issue gets resolved, you will need to find the correct MTU (ask ISP/PMTUD/PING).
References:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-ping-with-data-size/ta-p/192384
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/596096/interface-mtu-packet-size
However, a far better approach would be taking a packet capture on the client device while also simultaneously taking it on the Fortigate. You can simply compare them and see what is failing.
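As an added illustration of the "find the correct MTU" step above (example code, not from the thread or from Fortinet): a binary search over ICMP payload sizes with the DF bit set, which is what PMTUD does by hand. The real probe assumes a Linux iputils `ping` (`-M do`, `-s`); the simulated link and the 203.0.113.10 address are constructed placeholders. The FortiGate-side equivalent of the probe is `execute ping-options df-bit yes` plus `execute ping-options data-size N` before `execute ping`.

```python
"""Path-MTU discovery by binary search over ICMP payload size with DF set.

Added example for the MTU suggestion in the thread above; it is not code
from the original post or from Fortinet.
"""
import subprocess
from typing import Callable

IPV4_ICMP_OVERHEAD = 20 + 8  # IPv4 header (20) + ICMP echo header (8)


def ping_probe(host: str, payload: int, timeout_s: int = 1) -> bool:
    """Send one ICMP echo with DF set; True if a reply comes back.

    With DF set, a hop whose MTU is smaller than the packet must drop it,
    so no reply above the path MTU. Assumes Linux iputils ping.
    """
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), "-M", "do",
           "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def find_path_mtu(probe: Callable[[int], bool],
                  low: int = 500, high: int = 1500) -> int:
    """Largest payload that gets a reply, reported as an MTU in bytes.

    probe(payload) must be monotonic (once a size fails, larger sizes fail).
    Returns 0 if even `low` bytes fail; the result is capped at
    high + IPV4_ICMP_OVERHEAD when nothing in range is dropped.
    """
    if not probe(low):
        return 0
    while low < high:                      # invariant: probe(low) succeeded
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low + IPV4_ICMP_OVERHEAD


def simulated_link(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for a real path: drops DF packets above path_mtu."""
    return lambda payload: payload + IPV4_ICMP_OVERHEAD <= path_mtu


if __name__ == "__main__":
    # Constructed scenario: an ISP hop that only carries 1400-byte packets.
    print(find_path_mtu(simulated_link(1400)))  # 1400
    # Live run (needs network): find_path_mtu(lambda p: ping_probe("203.0.113.10", p))
```

If the discovered value is below the WAN1 interface MTU, that gap is the size range whose segments vanish, which matches replies that always stall at the same point in a large `show` output.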