
FortiGate guide for Beginners - 6

This time I would like to explain, step by step, how to troubleshoot a FortiGate unit configured in Transparent Mode.

Let's assume you have one FortiGate unit configured in Transparent Mode, but devices on the internal/private network are unable to reach the Internet/public network through it.

OK. Let's troubleshoot with the following steps:

1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet.

2) Check the router and ISP-supplied equipment to make sure they are operating correctly.

3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network.
From the internal network, attempt to ping the management IP address.
If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on and operating. Go to the next step when you can connect to the internal interface.

4) To verify that you can communicate from the FortiGate unit to the Internet, access the FortiGate CLI and use the execute ping command to ping an address on the Internet.
You can also use the execute traceroute command to troubleshoot connectivity to the Internet.

5) Verify the DNS configurations of the FortiGate unit and the PCs on the internal network. You can check for DNS errors by pinging or using traceroute to connect to a domain name.

6) Verify the security policy configuration.

7) Verify the static routing configuration.

8) Disable web filtering.

9) Verify that you can connect to the gateway provided by your ISP. Try pinging the default gateway IP address from a PC on the internal network.

10) Confirm that the FortiGate unit can connect to the FortiGuard network.
(Once registered, the FortiGate unit obtains antivirus, application control and other updates from the FortiGuard network. Once the FortiGate unit is on your network, you should confirm that it can reach the FortiGuard network. The FortiGate unit must be able to connect to the network from its management IP address. If the following tests provide incorrect results, the FortiGate unit cannot connect to the Internet from its management IP address. Check the FortiGate unit's default route to make sure it is correct. Check your Internet firewall to make sure it allows connections from the FortiGate management IP address to the Internet.)

First, check the License Information dashboard widget to make sure the status of all FortiGuard services matches the services that you have purchased. The FortiGate unit connects to the FortiGuard network to obtain this information.
Go to System > Config > FortiGuard. Open the web filtering and email options and select Test Availability. After a minute the web-based manager should indicate that the connection was successful.

11) Check the FortiGate bridge table.
(The bridge table is a list of the MAC addresses of devices on the same network as the FortiGate unit, together with the FortiGate interface on which each MAC address was seen. The FortiGate unit uses this table to decide where to forward a packet. If the MAC address of a specific device is not being added to the bridge table, packets to that MAC address will be blocked. This may appear as traffic going to a MAC address with no reply traffic coming back. In this situation, check the bridge table to ensure the correct MAC addresses have been added. Use the following CLI command to check the bridge table associated with the root VDOM.)



If your device's MAC address is not listed, the FortiGate unit cannot find the device on the network. This could indicate that the device is not connected or not operating. Check the device's network connections and make sure it is operating correctly.
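As an added example, not from the original post: a small Python parser for the bridge-table dump that step 11 refers to, with a check that reports whether a device's MAC is missing from the table or was learned on an interface other than the one you expect. The command name (diagnose netlink brctl name host root.b), the output layout and the sample rows are my assumptions recalled from FortiOS, not taken from the post.

```python
# Added example (not from the original post): parse the FortiGate transparent-mode
# bridge table from step 11 and check where a device's MAC was learned. Assumption:
# the row layout of "diagnose netlink brctl name host root.b" output (recalled).
import re
from typing import List, NamedTuple, Optional

# Constructed sample dump; interface names and MAC addresses are made up.
SAMPLE_BRIDGE_TABLE = """\
show bridge control interface root.b host.
fdb: size=2048, used=3, num=3, depth=1
Bridge root.b host table
port no device  devname mac addr                ttl     attributes
  3     4       internal        00:11:22:33:44:55       88
  4     3       wan1    00:aa:bb:cc:dd:ee       0       Local Static
  4     3       wan1    00:09:0f:cb:c2:77       45
"""

class Entry(NamedTuple):
    devname: str      # interface the MAC was learned on
    mac: str          # normalised to lower case
    ttl: int
    attributes: str   # e.g. "Local Static" for the unit's own addresses

# One data row: port, device index, interface, MAC, ttl, optional attribute text.
ROW_RE = re.compile(
    r"^\s*\d+\s+\d+\s+(\S+)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\d+)\s*(.*)$", re.I)

def parse_bridge_table(text: str) -> List[Entry]:
    """Return one Entry per table row; header and summary lines do not match ROW_RE."""
    entries = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            devname, mac, ttl, attrs = m.groups()
            entries.append(Entry(devname, mac.lower(), int(ttl), attrs.strip()))
    return entries

def locate_mac(entries: List[Entry], mac: str) -> Optional[str]:
    """Interface the MAC was learned on, or None if the unit has not seen it."""
    return next((e.devname for e in entries if e.mac == mac.lower()), None)

def check_device(entries: List[Entry], mac: str, expected_if: str) -> str:
    """Step 11 check: 'ok', 'missing' (never learned), or 'wrong interface: <if>'."""
    seen_on = locate_mac(entries, mac)
    if seen_on is None:
        return "missing"
    if seen_on != expected_if:
        return f"wrong interface: {seen_on}"
    return "ok"
```

A "missing" result matches the case the post describes (the unit cannot find the device); a "wrong interface" result points at cabling or switching between the device and the FortiGate rather than at the device itself.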

Well... I hope the steps above are enough to troubleshoot your FortiGate configured in Transparent Mode. I did not write some of the steps above in detail because they are covered in older posts.

May you all be happy.
(Be knowledgeable, pass it on then)
