Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
afarouk
New Contributor

Created on ‎05-03-2023 05:07 AM

cant access internet using Fortigate VM

I have deployed Fortigate-VM and I am able to access the GUI.

The firewall can access the internet but as a users I can reach the firewall but no internet connection.

I would like some help if there is any configuration needed on the ESXI or the switch where its connected.

 

1 port connected for LAN and another port connected for WAN.

 

1.jpg2.jpg3.jpg4.jpg5.jpg6.jpg7.jpg

Labels:
7040
0 Kudos
33 REPLIES 33
afarouk
New Contributor
In response to srajeswaran

Created on ‎05-03-2023 06:55 AM

the output 

13.jpg14.jpg

1549
0 Kudos
srajeswaran
Staff
Staff
In response to afarouk

Created on ‎05-03-2023 06:59 AM

Now we really need to run some debug.
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-filters-to-review-traffic-traversing...

diagnose debug reset

diagnose debug flow filter saddr 10.10.100.1

diagnose debug flow filter daddr 8.8.8.8

diagnose debug flow filter proto 1

diagnose debug console timestamp enable

diagnose debug flow trace start 10

diagnose debug enable

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1548
0 Kudos
afarouk
New Contributor
In response to srajeswaran

Created on ‎05-03-2023 07:10 AM

15.jpg

1546
0 Kudos
srajeswaran
Staff
Staff
In response to afarouk

Created on ‎05-03-2023 11:09 PM

Can you ping 192.168.100.1 from the user PC and collect the debug with additional information.

 

diagnose debug reset

diagnose debug flow filter saddr 10.10.100.1

diagnose debug flow filter daddr 192.168.100.1

diagnose debug flow filter proto 1

diagnose debug console timestamp enable

diagnose debug flow show function-name enable

diagnose debug flow show iprope enable

diagnose debug flow trace start 10

diagnose debug enable

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1516
0 Kudos
vsahu
Staff
Staff
In response to afarouk

Created on ‎05-04-2023 12:26 AM

Hello,

As per the sniffer logs, we can see the "in" traffic on Port1 from source 10.10.100.1 but no "out" traffic, and as per the flow filter route lookup is happening and for every packet from 192.168.100.1  new session is allocating so it seems the traffic is getting denied due to some reason, To verify it we will need to collect the flow filter with iprope.

please take the below debug and share the output 

diag debug disable
diag debug reset
diag debug flow filter clear
diag debug flow filter saddr x.x.x.x
diag debug flow filter daddr 8.8.8.8
diag debug flow filter proto 1
diag debug flow show iprop en
diag debug flow show fun en
diag debug flow trace start 1000
diag debug enable

Here x.x.x.x is the source machine IP, once the flow filter is in place initiate the ping from the machine to 8.8.8.8, collect the output and share.

Regards,
Vishal
1513
0 Kudos
afarouk
New Contributor
In response to vsahu

Created on ‎05-04-2023 03:56 AM

16.jpg

1504
0 Kudos
afarouk
New Contributor
In response to srajeswaran

Created on ‎05-04-2023 03:58 AM

17.jpg

1503
0 Kudos
vsahu
Staff
Staff
In response to afarouk

Created on ‎05-04-2023 04:26 AM

Have you configured any DDOS policy on the Fortigate? because it's not doing any policy lookup after the route check.

Please verify the Anomaly logs in Logs & Report - > Security Event

Regards,
Vishal
1497
0 Kudos
afarouk
New Contributor
In response to vsahu

Created on ‎05-04-2023 04:32 AM

i havent configured any thing beside route and a policy for the internet access, everything else is default

18.jpg

1495
0 Kudos
srajeswaran
Staff
Staff
In response to afarouk

Created on ‎05-04-2023 04:35 AM

This is getting interesting .

 

diagnose firewall iprope lookup 10.10.100.1 59618 8.8.8.8 53524 1 port1

diagnose firewall iprope list 00100004


Can you share these 2 outputs

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
1494
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.