This document includes information about the steps you can take if your FortiGate isn’t functioning as expected after you’ve installed it in either NAT/Route or Transparent mode. Steps apply to both NAT/Route and Transparent mode, unless noted otherwise.
Verify that all network equipment is powered on and all cables connect to the right interfaces.
There are multiple LEDs on the faceplate of your FortiGate that you can use to troubleshoot the connections. Check your device's QuickStart Guide for more information about the LEDs.
Use a computer on the internal network to IP address of the internal interface. For Transparent mode, ping the management IP address.
If you can’t ping the FortiGate, verify that the IP address of the computer is on the same subnet as the IP address you’re trying to reach. Also, make sure that PING is enabled for Administrative Access on the FortiGate interface.
If you can ping the interface but can’t connect to the GUI , make sure that HTTPS is enabled for Administrative Access on the interface.
If you’re unable to connect using HTTPS or SSH, you need to connect through the console port on the FortiGate. If you are using FortiOS 5.6 or higher, you can also connect using the FortiExplorer app for iOS.
Check the configuration of the FortiGate interfaces to make sure you use the correct Addressing Mode for your network.
Check the Internet access policy to make sure Action is set to ACCEPT and that the policy is located near the top of the policy list. Check the Sessions column to verify that traffic has been processed by this policy (if this column doesn’t appear, right-click the title row, select Sessions, and select Apply).
If you’re using NAT/Route mode, make sure that NAT is enabled and Use Destination Interface Address is selected.
Make sure you configured a default gateway IP address, provided by your ISP.
Use a computer on the internal network to ping the IP address of the Internet-facing interface. If you can’t connect to the interface, verify that PING has been enabled for Administrative Access on the interface.
If you are still unable to connect, traffic is not allowed to flow from the internal network to the Internet-facing interface. Go back to the installation recipe for your operation mode and verify that you correctly followed all the steps.
Use a computer on the internal network to ping the default gateway IP address. If you can’t reach the gateway, contact your ISP to verify that you are using the correct IP address.
On the FortiGate, use the CLI command
execute ping to ping the IP address an IP address on the Internet, such as 22.214.171.124, the IP address of Google Public DNS. If you can’t ping the address, then the FortiGate isn’t able to access the Internet.
You can also use the
execute traceroute command to troubleshoot connectivity to the Internet.
The FortiGate uses the Domain Name System (DNS) to map domain names
to the corresponding website IP addresses. Use the CLI command
execute ping to ping a domain name, such as www.fortinet.com, and verify that the name can be resolved.
If it can’t, check that the DNS settings on the FortiGate are correct.
If none of the above steps identify your problem, reset the FortiGate to factory defaults using the CLI command
execute factoryreset. When prompted, type
y to confirm the reset. Resetting the FortiGate to factory defaults puts the FortiGate back into NAT/Toure mode.
If you need further assistance with troubleshooting your FortiGate, visit the Fortinet Support website.