Skip to main content

Fortigate guide for Begineer - 6

I would like to explaine how to troubleshoot the Fortigate Unit configured by Transparent Mode in step by step this time.

Let's assume, you have one Fortigate Unit that configured as Transparent Mode. But devices from Internal/Private Network unable to access Internet/Public Network through your Fortigate Unit.

OK. Let's troubleshoot with following steps,

1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet.

2) Check the router and ISP-supplied equipment to make sure it is operating correctly.

3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network.
From the internal network, attempt to ping the management IP address.
If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on and operating. Go to the next step when you can connect to the internal interface.

4) To verify that you can communicate from the FortiGate unit to the Internet, access the FortiGate CLI and use the execute ping command to ping an address on the Internet.
You can also use the execute traceroute command to troubleshoot connectivity to the Internet.

5) Verify the DNS configurations of the FortiGate unit and the PCs on the internal network. You can check for DNS errors by pinging or using traceroute to connect to a domain name.

6) Verify the security policy configuration.

7) Verify the static routing configuration.

8) Disable web filtering.

9) Verify that you can connect to the gateway provided by your ISP. Try pinging the default gateway IP address from a PC on the internal network.

10) Confirm that the FortiGate unit can connect to the FortiGuard network.
(Once registered, the FortiGate unit obtains antivirus and application control and other updates from the FortiGuard network. Once the FortiGate unit is on your network, you should confirm that it can reach the FortiGuard network. The FortiGate unit must be able to connect to the network from its management IP address. If the following tests provide
incorrect results, the FortiGate unit cannot connect to the Internet from its management IP address. Check the FortiGate unit’s default route to make sure it is correct. Check your Internet firewall to make sure it allows connections from the FortiGate management IP address to the Internet.)

First, check the License Information dashboard widget to make sure the status of all FortiGuard services matches the services that you have purchased. The FortiGate unit connects to the FortiGuard network to obtain this information.
Go to System > Config > FortiGuard. Open web filtering and email options and select Test
Availability. After a minute the web-based manager should indicate that the connection
was successful.

11) Check the FortiGate bridge table.
(The bridge table is a list of MAC addresses of devices on the same network as the FortiGate
unit and the FortiGate interfaces from which each MAC address was found. The FortiGate
unit uses this table to determine where to forward a packet. If a the MAC address of a
specific device is getting added to in the bridge table, then packets to that MAC address
will be blocked. This may appear as traffic going to a MAC address, but no reply traffic
coming back. In this situation, check the bridge table to ensure the correct MAC addresses
have been added to the bridge table. Use the following CLI command to check the bridge
table associated with the root VDOM.)



If your device’s MAC address is not listed, the FortiGate unit cannot find the device on the
network. This could indicate that the device is not connected or not operating. Check the
device’s network connections and make sure it is operating correctly.

Well...I hope above steps are enough to troubleshoot your Fortigate configured as Transparent mode. I didn't write in details some steps in above because of those are written on older posts.

May you all be happy.
(Be knowledgeable, pass it on then)

Comments

Popular posts from this blog

Why do we need network virtualization?

We need to think about Server Virtualization first if we want to talk about Network Virtualization. In the era of cloud computing, servers are virtualized and used in Data Centers. We are facing a lot of problem when we virtualized our Servers, 1) Routing and Switching Problem Routing become the issue when we create Virtual Switch and VLANs according to production requirement. Network Team might need some time to change on their end to meet with Server Virtualization Team changes on their end. ၂) Firewall Services Physical Firewall are difficult to manage due to the large number of rules needed to satisfy business requirements. New applications, new projects, and new networks all come with potential security requirements, which impact centralized firewall management. ၃) Load Balancing Let's say your company deploys a new physical load balancer for each tenant, resulting in increased capital expenditures. Once a tenant reaches their maximum capacity, it ca...

Link Aggregating with Synology NAS and Cisco Switch

I’d like to share how to setup Link Aggregating between Synology NAS and Cisco Switch. I’ve got one Synology NAS with 4 Network Ports and I’m going to use 2 of them. Both Network Port to be as one Logical Link, Fault Tolerance and Load Balancing. To do that, I need to configure Link Aggregating on Synology NAS and EtherChannel with LACP on Cisco Switch. Below is brief steps to do to meet with my requirements. - Get connected Synology NAS and Cisco Switch as shown in picture. - Bonding two Network Ports of Synology NAS and assign IP Address - Configure EtherChannel with LACP in Cisco Switch and add two physical ports as Member. OK. Let’s begin from Synology NAS. - Login to the Synology and go to Control Panel>Network>Create>Create Bond - Select IEEE 802.3ad to get Fault Tolerance and Load Balancing Featureyou’re your switch not support 802.3ad you can only select Fault Tolerance only feature). After that click “Next”. - Choose the network port f...