Hello everyone,
We are using a Fortigate 120g. However, we can't open any website.
Ping and DNS work on the client and on the Fortigate, and the packets are forwarded on the Fortigate without any being dropped.
When we connect directly to the Fortigate 120g, we can access the Internet and open web pages without any delay.
When we disconnect the Fortigate 120g and connect our old firewall, everything works fine right away.
What we tried:
Configuring port speed 1000Full on our Cisco CL9200 switch and on the Fortigate 120g.
Do you have any idea how we can fix the problem?
Thank you in advance!
Best regards
Ok, we fixed the problem.
It was a DNS problem.
Ping worked and DNS names were resolved, but web pages did not load.
With public DNS servers on the client, the sites loaded without delay.
With our internal DNS servers, the sites did not load.
This problem was caused by a subnet that was configured on the Mgmt port on the firewall.
This subnet overlapped with our internal DNS server subnet.
We found this out by performing the following steps:
Ping from firewall to internal DNS server works.
Ping from DNS server to firewall didn't work.
nslookup www.google.com internal DNS server
like nslookup www.google.com 172.1.1.10 (we got two timeouts before the DNS name was resolved)
I hope this solution helps someone.
Regards
Ralf
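A check for the misconfiguration described in this post, as an added example that is not part of the original thread: it parses interface addresses in FortiGate CLI `set ip` syntax, then reports overlapping interface subnets and every interface whose connected subnet contains a given host such as the DNS server. The interface names and all addresses in the sample are constructed assumptions, not values from the poster's firewall.

```python
import ipaddress
import re

# Constructed sample in FortiGate CLI style; names and addresses are assumptions.
SAMPLE_CONFIG = """
config system interface
    edit "mgmt"
        set ip 172.1.1.254 255.255.255.0
    next
    edit "port1"
        set ip 172.1.0.1 255.255.0.0
    next
    edit "wan1"
        set ip 203.0.113.2 255.255.255.252
    next
end
"""

def parse_interfaces(text):
    """Return {interface name: IPv4Network} from 'edit' / 'set ip' lines."""
    nets, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r'set ip\s+(\S+)\s+(\S+)$', line)
        if m and name:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            if int(iface.ip):  # skip unconfigured 0.0.0.0 interfaces
                nets[name] = iface.network
    return nets

def find_overlaps(nets):
    """Return sorted pairs of interface names whose subnets overlap."""
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]

def interfaces_containing(nets, host):
    """Return interfaces whose connected subnet contains the host address."""
    addr = ipaddress.ip_address(host)
    return sorted(n for n, net in nets.items() if addr in net)

if __name__ == "__main__":
    nets = parse_interfaces(SAMPLE_CONFIG)
    print("overlapping subnets:", find_overlaps(nets))
    print("interfaces containing DNS server:", interfaces_containing(nets, "172.1.1.10"))
```

More than one interface listed for the DNS server's address means the firewall has two connected subnets covering it, which is the overlap the post describes.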
Please check the following from the firewall CLI.
exec ping www.google.com
Check the policy if you have enabled webfilter and the licenses are active. Check the routing table.
Follow the referenced article after you run the above diagnostic steps:
https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-website-is-not-reachable/ta-p/210201
Hi Salem,
DNS works fine, but Troubleshoot-2 from your link shows only ICMP packets, but no TCP/443 packets. (See attachment).
Ralf
share the output for "config system dns" then show full
Ralf
do this
config system dns
set protocol cleartext
end
ok, done.
Yes, I can ping www.google.com
Copyright 2024 Fortinet, Inc. All Rights Reserved.