Good afternoon: I have a problem with 2 PCs on my network. I registered them in addresses, gave them a static IP, and added them to a group in the firewall rule, but they don't browse the internet, they don't respond to ping, they don't respond to trace; it seems that the forti blocks the DNS.
I change it to another group without filters: NO internet either.
I change it to a third group and NO Internet.
But I don't understand why. I changed the board, the cable, another switch, I did several tests and the conclusion is that the forti blocks me but I don't know why; there is nothing in the logs.
I already had problems like this, but after restarting it several times it was solved; with this PC it is getting worse.
I changed the IP too and nothing. I checked whether the MAC is blocked in the DHCP of that interface and nothing. If I put it with the IP of the other network, the PC works, but I need this PC in the 192.168.2.x network.
I have little experience with this equipment and it was already configured. Could you tell me what I should look for or read to understand what is happening?
The network configuration is as follows:
Hardware switch--> lan ENTGRA (internal) 192.168.2.50/255.255.255.0 --> network with problems
Physical interface -->
INT1 connection (wan2)
INT2 connection (wan1)
ENTSEC lan (dmz) 128.1.1.200/255.255.255.0
Hope you can help me with this.
Regards
Probably look into Forward Traffic Log on the Forti or even do some flow debug on cli:
diag debug enable
diag debug flow filter clear
diag debug flow filter saddr <ipofyourpc>
diag debug flow filter daddr <destination ip>
diag debug flow trace start <numberofpackets>
Flow trace on the FortiGate CLI will show you what happened to the traffic.
Maybe this gives you a clue.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thanks. I'll and let you know.
Hi @van_sta ,
Please double check if the network/subnet config, routing and VLAN/trunk config (if any) are correct.
In addition to a debug flow you can run a packet sniffer from the FortiGate CLI.
Please have a look at the article below on how to troubleshoot your problem on a FortiGate, you should find it helpful:
Best regards,
Thanks. I'll and let you know.
Can you manually add the IP on the PC, like:
IP: 192.168.2.10
Mask: 255.255.255.0
DG:192.168.2.50
DNS 8.8.8.8
Save the config and test:
-ping 192.168.2.50
-ping 8.8.8.8
-nslookup www.google.com
I tried it and it didn't work
Hi @van_sta,
What did you try and what didn't work? Can you provide the outputs? We need more details in order to help. Did you try debug flow commands provided by sw2090? If not yet, please do and provide the output here.
From the problematic PC, please run the following commands and provide the outputs here.
ipconfig /all
route print
arp -a
ping 192.168.2.50
ping 8.8.8.8
ping google.com
Regards,
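
Added example, not part of any post in this thread: a small Python script for reading the output of the flow debug commands posted earlier, grouping lines by trace and mapping the drop message to what to check on the FortiGate. The sample lines are constructed and modeled on typical `diag debug flow` output (exact wording varies by FortiOS version; the use of ENTGRA as the ingress interface name and the gateway address are assumptions), and `summarize` and the hint texts are this example's own names.

```python
import re

# Constructed sample, modeled on typical "diag debug flow" output (assumption:
# exact wording and line numbers differ between FortiOS versions).
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5723 msg="vd-root:0 received a packet(proto=1, 192.168.2.10:1->8.8.8.8:2048) from ENTGRA. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5894 msg="allocate a new session-0001a2b3"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-203.0.113.1 via wan1"
id=20085 trace_id=1 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5723 msg="vd-root:0 received a packet(proto=1, 192.168.2.11:1->8.8.8.8:2048) from ENTGRA. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=ip_route_input_slow line=2264 msg="reverse path check fail, drop"
"""

LINE_RE = re.compile(r'trace_id=(\d+) .*? msg="(.*)"\s*$')
PKT_RE = re.compile(r"received a packet\(proto=(\d+), (\S+?)->(\S+?)\) from (\S+?)\.")
ROUTE_RE = re.compile(r"find a route: .* via (\S+)")

# (message fragment, short verdict, what to check on the FortiGate)
VERDICTS = [
    ("Denied by forward policy check", "policy-deny",
     "no policy matched (policy 0 = implicit deny): check address group, interfaces, policy order"),
    ("reverse path check fail", "rpf-drop",
     "source not reachable via the ingress interface: check routing and interface subnet"),
    ("Allowed by Policy-", "allowed",
     "FortiGate forwarded the packet: look at NAT, WAN link and DNS next"),
]

def summarize(trace):
    """Group flow-trace lines by trace_id and extract packet, route and verdict."""
    result = {}
    for line in trace.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        tid, msg = int(m.group(1)), m.group(2)
        entry = result.setdefault(tid, {"src": None, "dst": None, "in_if": None,
                                        "out_if": None, "verdict": "none", "hint": ""})
        if (p := PKT_RE.search(msg)):
            entry["src"], entry["dst"], entry["in_if"] = p.group(2), p.group(3), p.group(4)
        elif (r := ROUTE_RE.search(msg)):
            entry["out_if"] = r.group(1)
        for fragment, verdict, hint in VERDICTS:
            if fragment in msg:
                entry["verdict"], entry["hint"] = verdict, hint
    return result

if __name__ == "__main__":
    for tid, e in summarize(SAMPLE_TRACE).items():
        print(f"trace {tid}: {e['src']} -> {e['dst']} in={e['in_if']} out={e['out_if']} "
              f"{e['verdict']}: {e['hint']}")
```

A trace with no verdict line (verdict "none") usually means the capture stopped early; raise the packet count in `diag debug flow trace start` and repeat the test.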