Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you follow the recommended upgrade path?
The unit with 6.0.5 - can you ping your own interface? can you ping your core switch? Do you see any session on it?
I'm not sure how the 3 Internet links are connected? Did you move all of them to the upgraded unit?
Can you explain a bit more? You said the internet doesn't work on systems yet you can ping 8.8.8.8 from the core switch, is that correct? Same VLAN as the systems? Did you clear the ARP cache for one of the systems?
I recently upgraded three firewalls from 5.4.4 to 6.2.0, no issues spotted.
Hi,
Did you follow the upgrade path? Since there is a big gap between the versions, configuration syntax might be different.
The path supposed to be: 5.4.4 1117>>5.6.2 1486>>5.6.6 1630>>6.0.4 0231>>6.0.5 0268
BR
Hey thalaivarda,
There's a lot of good information in this thread already but I thought I'd add a bit more to try and help you out. First, we need to figure out what's happening on the FortiGate directly. You said that you can't ping anything from the 'Gate directly. Check your routing tables with "get router info routing-table all" and ensure you have a default gateway on (at least) one of your ISP links (Example: "0.0.0.0/0 [1/0] via 1.1.1.1, wan1 10/0"). If you don't have a default gateway, you'll need to add one in.
Which brings us to our next item. Assuming you have a default gateway, you have three ISP links. Do you have one default gateway or three? Which route has the better preference or are they all equal? Can you post the output of "get router info routing-table all" to the thread so we can see what should be happening to your packets? Is it possible to delete two default gateways to force traffic out one ISP for testing?
Lastly, I would connect to the device with two SSH sessions; On the first, run your ping test to 8.8.8.8 and on the second, run a packet capture to see what's happening on the wire (diagnose sniffer packet wan1 '(host 8.8.8.8 and icmp) or arp' 6 10) and see if the packets are leaving or if you may have a Layer-2 issue with ARP.
Speaking of ARP, one other last thing... :) Can you paste the output of "get system arp" to the thread and let us know what your upstream ISP router IP addresses are?
Hope this helps,
Sean (Gr@ve_Rose)
Site: https://tcpdump101.com
Twitter: https://twitter.com/Grave_Rose
Reddit: https://reddit.com/r/tcpdump101
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.