Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
van_sta
New Contributor III

Trouble with pc dns?


Good afternoon: I have a problem with 2 PCs on my network, I registered them in addresses, I gave them a static IP, I added them to a group in the firewall rule and they don't browse the internet, they don't respond to ping, they don't respond to trace, it seems that the forti blocks the DNS.

 I change it to another group without filters NO internet either

 I change it in a third group and NO Internet

but I don't understand why, I changed the board, the cable, another switch, I did several tests and the conclusion is that the forti blocks me but I don't know why, there is nothing in the logs,

I already had problems like this but after restarting it several times it was solved but with this PC it is getting worse,

I changed the IP too and nothing, I checked if it was The mac is blocked in the dhcp of that interface and nothing, if I put it with the IP of the other network, and PC works, but I need this pc in the 192.168.2.x network.
I have little experience with this equipment and it was already configured, could you tell me what I should looked for or read to understand what is happening?

The network configuration is as follows:
Hardware switch--> lan ENTGRA (internal) 192.168.2.50/255.255.255.0 --> network with problems
Physical interface -->
INT1 connection (wan2)
INT2 connection (wan1)
ENTSEC lan (dmz) 128.1.1.200/255.255.255.0
Hope you can help me with this.
Regards

7 REPLIES 7
sw2090
SuperUser
SuperUser

Probably look into Forward Traffic Log on the Forti or even do some flow debug on cli:

 

diag debug enable

diag debug flow flilter clear

diag debug flow filter saddr <ipofyourpc>

diag debug flow filter daddr <destination ip>

diag debug flow trace start <numberofpackets>

 

Flow trace on FortiGate Cli will show you what happened to the traffic.

Maybe this gives you a clue.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
van_sta
New Contributor III

Thanks. I'll and let you know.

fricci_FTNT
Staff
Staff

Hi @van_sta ,

 

Please double check if the network/subnet config, routing and VLAN/trunk config (if any) are correct.
In addition to a debug flow you can run a packet sniffer from the FortiGate CLI.

Please have a look at the article below on how to troubleshoot your problem on a FortiGate, you should find it helpful:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...


Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
van_sta
New Contributor III

Thanks. I'll and let you know.

dbu
Staff
Staff

Can you add manually the IP in the PC  like : 

IP: 192.168.2.10

Mask: 255.255.255.0

DG:192.168.2.50

 

DNS 8.8.8.8

 

Save the config and test : 

-ping 192.168.2.50

-ping 8.8.8.8

-nslookup www.google.com

 

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
van_sta
New Contributor III

I tried it and it didn't work

hbac

Hi @van_sta

 

What did you try and what didn't work? Can you provide the outputs? We need more details in order to help. Did you try debug flow commands provided by sw2090? If not yet, please do and provide the output here. 

 

From the problematic PC, please run the following commands and provide the outputs here. 

ipconfig /all

route print 

arp -a 

ping 192.168.2.50

ping 8.8.8.8

ping google.com 

 

 

Regards, 

Labels
Top Kudoed Authors