Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortinetBeginner
New Contributor III

Created on ‎07-27-2024 12:50 PM

Websites are not loading - Fortigate 120g

Hello everyone,

 

We are using a Fortigate 120g. However, we can't open any website.

 

Ping and DNS works on the client and on the fortigate and the packets are forwarded on the fortigate without dropping any packets.

 

When we connect directly to the Fortigate 120g, we can access the Internet and open web pages without any delay.

 

When we disconnect the Fortigate 120g and connect our old firewall, everything works fine right away.

 

What we tried:

Configuring port speed 1000Full on our Cisco CL9200 switch and on the Fortigate 120g.


Do you have any idea how we can fix the problem?

 

Thank you in advance!

 

Best regards

Labels:
3616
0 Kudos
1 Solution
FortinetBeginner
New Contributor III

Created on ‎08-02-2024 01:41 AM

Ok, we fixed the problem.

It was a DNS problem.

Ping worked and DNS names were resolved, but web pages did not load.

With public DNS servers on the client, the sites loaded without delay.

With our internal DNS servers, the sites did not load.

This problem was caused by a subnet that was configured on the Mgmt port on the firewall.

This subnet overlapped with our internal DNS server subnet.

 

We found this out by performing the following steps:

 

Ping from firewall to internal DNS server works.

Ping from DNS server to firewall didn't work.

nslookup www.google.com internal DNS server

like nslookup www.google.com 172.1.1.10 (we got two timeouts before the DNS name was resolved)

 

I hope this solution helps someone.

 

 

Regards

Ralf

View solution in original post

2639
0 Kudos
36 REPLIES 36
FortinetBeginner
New Contributor III
In response to salemneaz

Created on ‎07-28-2024 09:12 AM

No package was dropped...

But there is something strange. The packets are being routed through the mgmt interface "172.29.29.90" and not to 10.255.255.1.

 

Screenshot 2024-07-25 185039.png

648
0 Kudos
salemneaz
Staff
Staff
In response to salemneaz

Created on ‎07-28-2024 09:19 AM

Is the VLAN gateway on the FortiGate ? or at the Core Switch

Salem
641
FortinetBeginner
New Contributor III
In response to salemneaz

Created on ‎07-28-2024 09:24 AM

VLAN gateway is on the Core Switch.

 

Ralf

636
0 Kudos
FortinetBeginner
New Contributor III
In response to salemneaz

Created on ‎07-28-2024 09:26 AM

Ok, there was a routing issue.

We tried from another VLAN which is not routed over the mgmt gateway and we have the same problem loading the websites.

 

Routing.PNG

 

Routing1.PNG

 

Ralf

634
0 Kudos
salemneaz
Staff
Staff
In response to FortinetBeginner

Created on ‎08-04-2024 05:56 AM

Are you using a hardware switch or a software switch at the FortiGate ?

Salem
515
0 Kudos
salemneaz
Staff
Staff
In response to FortinetBeginner

Created on ‎08-04-2024 06:03 AM

Try to disable the forward error check at the interface.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forward-Error-Correction-FEC/ta-p/195247

Salem
508
0 Kudos
FortinetBeginner
New Contributor III

Created on ‎08-02-2024 01:41 AM

Ok, we fixed the problem.

It was a DNS problem.

Ping worked and DNS names were resolved, but web pages did not load.

With public DNS servers on the client, the sites loaded without delay.

With our internal DNS servers, the sites did not load.

This problem was caused by a subnet that was configured on the Mgmt port on the firewall.

This subnet overlapped with our internal DNS server subnet.

 

We found this out by performing the following steps:

 

Ping from firewall to internal DNS server works.

Ping from DNS server to firewall didn't work.

nslookup www.google.com internal DNS server

like nslookup www.google.com 172.1.1.10 (we got two timeouts before the DNS name was resolved)

 

I hope this solution helps someone.

 

 

Regards

Ralf

2640
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.