cwb2205
New Contributor

clients unable to browse internet at remote site.

Ran into a strange issue today where clients connecting to the wifi at a remote building were unable to browse the internet, but the wifi says there is internet. The clients can resolve names through nslookup and they can ping websites, but cannot browse (connection times out).

 

The setup is a bit strange, but here it is.

The remote site has a Cisco switch. It has a trunk port to the FortiGate, and that port is assigned to a software switch.

There is a site-to-site VPN configured with VXLAN encapsulation, and that VPN is in the software switch too.

In the main campus there is basically the same VPN and a port in a software switch, and the port is trunked to the core network.

 

There seems to be good connectivity as the APs in the remote site can connect to the wifi controller in the campus and the building access system also talks back to the servers.

 

I just can't work out why, if the client can resolve DNS and ping and traceroute to a website, it cannot browse. I have checked all logs and there is nothing blocking the traffic. I have also tried statically assigning a DNS server on the client.

 

Any ideas would be appreciated.

NSE 7 ATP3.0

1 REPLY
cwb2205
New Contributor

I've boiled it down to an MTU setting but am having some issues finding the solution. I have set the internet sub-interface to mtu-1492 and I have set the software switch tcp-mss to 1390 to allow for overheads.

Still no joy.

NSE 7 ATP3.0
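
Added example, not part of the original thread: the reply above sizes tcp-mss against encapsulation overhead, and this sketch works out that byte budget for a client TCP segment carried in VXLAN inside an ESP tunnel. The header layering, the ESP suite table and all function names are assumptions; the thread does not state the tunnel's cipher, whether NAT-T is in use, or how the device orders the headers.

```python
# Assumed layering (generic VXLAN inside ESP tunnel mode, not confirmed by the thread):
#   outer IPv4 | [UDP if NAT-T] | ESP | IPv4 | UDP | VXLAN | Ethernet [+802.1Q] | IPv4 | TCP
IPV4, UDP, TCP = 20, 8, 20
VXLAN_HDR, ETH, DOT1Q = 8, 14, 4
ESP_HDR = 8      # SPI + sequence number
ESP_TRAILER = 2  # pad-length byte + next-header byte

# Hypothetical suite labels: (IV bytes, padding alignment, ICV bytes)
ESP_SUITES = {
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "aes-gcm-16": (8, 4, 16),
}

def esp_packet_size(inner_len, suite, nat_t=False):
    """Size of the outer IPv4 packet carrying inner_len bytes in ESP tunnel mode."""
    iv, align, icv = ESP_SUITES[suite]
    # Payload plus trailer is padded up to the cipher's alignment.
    padded = -(-(inner_len + ESP_TRAILER) // align) * align
    return IPV4 + (UDP if nat_t else 0) + ESP_HDR + iv + padded + icv

def wire_size(mss, suite, nat_t=False, vlan_tagged=True):
    """Outer packet size for a client TCP segment of mss payload bytes (no TCP options)."""
    frame = ETH + (DOT1Q if vlan_tagged else 0) + IPV4 + TCP + mss
    vxlan_packet = IPV4 + UDP + VXLAN_HDR + frame
    return esp_packet_size(vxlan_packet, suite, nat_t)

def max_mss(wan_mtu, suite, nat_t=False, vlan_tagged=True):
    """Largest MSS whose encapsulated packet fits wan_mtu without fragmentation."""
    mss = wan_mtu
    while mss > 0 and wire_size(mss, suite, nat_t, vlan_tagged) > wan_mtu:
        mss -= 1
    return mss

if __name__ == "__main__":
    # 1492 is the WAN MTU quoted in the thread; everything else is constructed.
    for suite in ESP_SUITES:
        for nat_t in (False, True):
            label = "nat-t" if nat_t else "no nat-t"
            print(f"{suite:26} {label:9} max MSS = {max_mss(1492, suite, nat_t)}")
```

Comparing a candidate clamp against `max_mss()` for the tunnel's actual proposal shows whether full-size segments would need fragmenting, which is the case where small exchanges such as DNS and ping succeed while page loads stall.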
