Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortinetBeginner
New Contributor III

Created on ‎07-27-2024 12:50 PM

Websites are not loading - Fortigate 120g

Hello everyone,

 

We are using a Fortigate 120g. However, we can't open any website.

 

Ping and DNS works on the client and on the fortigate and the packets are forwarded on the fortigate without dropping any packets.

 

When we connect directly to the Fortigate 120g, we can access the Internet and open web pages without any delay.

 

When we disconnect the Fortigate 120g and connect our old firewall, everything works fine right away.

 

What we tried:

Configuring port speed 1000Full on our Cisco CL9200 switch and on the Fortigate 120g.


Do you have any idea how we can fix the problem?

 

Thank you in advance!

 

Best regards

Labels:
3615
0 Kudos
1 Solution
FortinetBeginner
New Contributor III

Created on ‎08-02-2024 01:41 AM

Ok, we fixed the problem.

It was a DNS problem.

Ping worked and DNS names were resolved, but web pages did not load.

With public DNS servers on the client, the sites loaded without delay.

With our internal DNS servers, the sites did not load.

This problem was caused by a subnet that was configured on the Mgmt port on the firewall.

This subnet overlapped with our internal DNS server subnet.

 

We found this out by performing the following steps:

 

Ping from firewall to internal DNS server works.

Ping from DNS server to firewall didn't work.

nslookup www.google.com internal DNS server

like nslookup www.google.com 172.1.1.10 (we got two timeouts before the DNS name was resolved)

 

I hope this solution helps someone.

 

 

Regards

Ralf

View solution in original post

2638
0 Kudos
36 REPLIES 36
salemneaz
Staff
Staff

Created on ‎07-27-2024 12:58 PM

 Please check the Following from the Firewall CLI.

 

exec ping www.google.com 

 

Check the Policy if you have enabled webfilter and the Licenses are active. Check the routing table.

 

Follow the article Reference after you run the above diagnostics steps

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-website-is-not-reachable/ta-p/210201

Salem
1219
FortinetBeginner
New Contributor III
In response to salemneaz

Created on ‎07-27-2024 01:21 PM

Hi Salem,

 

 

DNS works fine, but Troubleshoot-2 from your link shows only ICMP packets, but no TCP/443 packets. (See attachment).Troubleshoot-2-Result-only-ICMP-traffic.png

Ralf

 

1203
0 Kudos
salemneaz
Staff
Staff
In response to FortinetBeginner

Created on ‎07-27-2024 01:24 PM

from the Firewall GUI can you do this 'exec ping www.google.com'

 

Salem
1199
salemneaz
Staff
Staff
In response to salemneaz

Created on ‎07-27-2024 01:25 PM

share the output for "config system dns" then show full

Salem
1194
FortinetBeginner
New Contributor III
In response to salemneaz

Created on ‎07-27-2024 01:29 PM

DNS-Settings-Fortigate.png

Ralf

1188
salemneaz
Staff
Staff
In response to FortinetBeginner

Created on ‎07-27-2024 01:30 PM

share the output as well

exec ping www.google.com

from the Firewall CLI

Salem
1184
salemneaz
Staff
Staff
In response to FortinetBeginner

Created on ‎07-27-2024 01:31 PM

do this 

config system dns

set protocol cleartext

end

 

 

Salem
1170
FortinetBeginner
New Contributor III
In response to salemneaz

Created on ‎07-27-2024 01:33 PM

ok, done.

1164
0 Kudos
FortinetBeginner
New Contributor III
In response to salemneaz

Created on ‎07-27-2024 01:30 PM

Yes, I can ping www.google.comPing.png

1182
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.