Hello everyone,
We are using a Fortigate 120g. However, we can't open any website.
Ping and DNS works on the client and on the fortigate and the packets are forwarded on the fortigate without dropping any packets.
When we connect directly to the Fortigate 120g, we can access the Internet and open web pages without any delay.
When we disconnect the Fortigate 120g and connect our old firewall, everything works fine right away.
What we tried:
Configuring port speed 1000Full on our Cisco CL9200 switch and on the Fortigate 120g.
Do you have any idea how we can fix the problem?
Thank you in advance!
Best regards
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Ok, we fixed the problem.
It was a DNS problem.
Ping worked and DNS names were resolved, but web pages did not load.
With public DNS servers on the client, the sites loaded without delay.
With our internal DNS servers, the sites did not load.
This problem was caused by a subnet that was configured on the Mgmt port on the firewall.
This subnet overlapped with our internal DNS server subnet.
We found this out by performing the following steps:
Ping from firewall to internal DNS server works.
Ping from DNS server to firewall didn't work.
nslookup www.google.com internal DNS server
like nslookup www.google.com 172.1.1.10 (we got two timeouts before the DNS name was resolved)
I hope this solution helps someone.
Regards
Ralf
No package was dropped...
But there is something strange. The packets are being routed through the mgmt interface "172.29.29.90" and not to 10.255.255.1.
Is the VLAN gateway on the FortiGate ? or at the Core Switch
VLAN gateway is on the Core Switch.
Ralf
Ok, there was a routing issue.
We tried from another VLAN which is not routed over the mgmt gateway and we have the same problem loading the websites.
Ralf
Are you using a hardware switch or a software switch at the FortiGate ?
Try to disable the forward error check at the interface.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forward-Error-Correction-FEC/ta-p/195247
Ok, we fixed the problem.
It was a DNS problem.
Ping worked and DNS names were resolved, but web pages did not load.
With public DNS servers on the client, the sites loaded without delay.
With our internal DNS servers, the sites did not load.
This problem was caused by a subnet that was configured on the Mgmt port on the firewall.
This subnet overlapped with our internal DNS server subnet.
We found this out by performing the following steps:
Ping from firewall to internal DNS server works.
Ping from DNS server to firewall didn't work.
nslookup www.google.com internal DNS server
like nslookup www.google.com 172.1.1.10 (we got two timeouts before the DNS name was resolved)
I hope this solution helps someone.
Regards
Ralf
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1707 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.