Fortinet black logo

Cookbook

FortiGate installation troubleshooting

Copy Link
Copy Doc ID 598118ae-ea1f-11e9-8977-00505692583a:85794
Download PDF

FortiGate installation troubleshooting

This document includes information about the steps you can take if your FortiGate isn’t functioning as expected after you’ve installed it in either NAT/Route or Transparent mode. Steps apply to both NAT/Route and Transparent mode, unless noted otherwise.

1. Check your equipment and cables

Verify that all network equipment is powered on and all cables connect to the right interfaces.

2. Check the FortiGate LEDs

There are multiple LEDs on the faceplate of your FortiGate that you can use to troubleshoot the connections. Check your device's QuickStart Guide for more information about the LEDs.

3. Ping the FortiGate

Use a computer on the internal network to IP address of the internal interface. For Transparent mode, ping the management IP address.

If you can’t ping the FortiGate, verify that the IP address of the computer is on the same subnet as the IP address you’re trying to reach. Also, make sure that PING is enabled for Administrative Access on the FortiGate interface.

If you can ping the interface but can’t connect to the GUI , make sure that HTTPS is enabled for Administrative Access on the interface.

If you’re unable to connect using HTTPS or SSH, you need to connect through the console port on the FortiGate. If you are using FortiOS 5.6 or higher, you can also connect using the FortiExplorer app for iOS.

4. Check the FortiGate interface configurations (NAT/Route mode only)

Check the configuration of the FortiGate interfaces to make sure you use the correct Addressing Mode for your network.

5. Verify the security policy configuration

Check the Internet access policy to make sure Action is set to ACCEPT and that the policy is located near the top of the policy list. Check the Sessions column to verify that traffic has been processed by this policy (if this column doesn’t appear, right-click the title row, select Sessions, and select Apply).

If you’re using NAT/Route mode, make sure that NAT is enabled and Use Destination Interface Address is selected.

6. Verify the static routing configuration (NAT/Route mode only)

Make sure you configured a default gateway IP address, provided by your ISP.

7. Verify that you can connect to the Internet-facing interface’s IP address (NAT/Route mode only)

Use a computer on the internal network to ping the IP address of the Internet-facing interface. If you can’t connect to the interface, verify that PING has been enabled for Administrative Access on the interface.

If you are still unable to connect, traffic is not allowed to flow from the internal network to the Internet-facing interface. Go back to the installation recipe for your operation mode and verify that you correctly followed all the steps.

8. Verify that you can connect to the gateway provided by your ISP

Use a computer on the internal network to ping the default gateway IP address. If you can’t reach the gateway, contact your ISP to verify that you are using the correct IP address.

9. Ping an IP on the Internet

On the FortiGate, use the CLI command execute ping to ping the IP address an IP address on the Internet, such as 8.8.8.8, the IP address of Google Public DNS. If you can’t ping the address, then the FortiGate isn’t able to access the Internet.

You can also use the execute traceroute command to troubleshoot connectivity to the Internet.

10. Verify the DNS configuration

The FortiGate uses the Domain Name System (DNS) to map domain names to the corresponding website IP addresses. Use the CLI command execute ping to ping a domain name, such as www.fortinet.com, and verify that the name can be resolved.

If it can’t, check that the DNS settings on the FortiGate are correct.

11. Resetting the FortiGate

If none of the above steps identify your problem, reset the FortiGate to factory defaults using the CLI command execute factoryreset. When prompted, type y to confirm the reset. Resetting the FortiGate to factory defaults puts the FortiGate back into NAT/Toure mode.

12. Contacting Fortinet Support

If you need further assistance with troubleshooting your FortiGate, visit the Fortinet Support website.

FortiGate installation troubleshooting

This document includes information about the steps you can take if your FortiGate isn’t functioning as expected after you’ve installed it in either NAT/Route or Transparent mode. Steps apply to both NAT/Route and Transparent mode, unless noted otherwise.

1. Check your equipment and cables

Verify that all network equipment is powered on and all cables connect to the right interfaces.

2. Check the FortiGate LEDs

There are multiple LEDs on the faceplate of your FortiGate that you can use to troubleshoot the connections. Check your device's QuickStart Guide for more information about the LEDs.

3. Ping the FortiGate

Use a computer on the internal network to IP address of the internal interface. For Transparent mode, ping the management IP address.

If you can’t ping the FortiGate, verify that the IP address of the computer is on the same subnet as the IP address you’re trying to reach. Also, make sure that PING is enabled for Administrative Access on the FortiGate interface.

If you can ping the interface but can’t connect to the GUI , make sure that HTTPS is enabled for Administrative Access on the interface.

If you’re unable to connect using HTTPS or SSH, you need to connect through the console port on the FortiGate. If you are using FortiOS 5.6 or higher, you can also connect using the FortiExplorer app for iOS.

4. Check the FortiGate interface configurations (NAT/Route mode only)

Check the configuration of the FortiGate interfaces to make sure you use the correct Addressing Mode for your network.

5. Verify the security policy configuration

Check the Internet access policy to make sure Action is set to ACCEPT and that the policy is located near the top of the policy list. Check the Sessions column to verify that traffic has been processed by this policy (if this column doesn’t appear, right-click the title row, select Sessions, and select Apply).

If you’re using NAT/Route mode, make sure that NAT is enabled and Use Destination Interface Address is selected.

6. Verify the static routing configuration (NAT/Route mode only)

Make sure you configured a default gateway IP address, provided by your ISP.

7. Verify that you can connect to the Internet-facing interface’s IP address (NAT/Route mode only)

Use a computer on the internal network to ping the IP address of the Internet-facing interface. If you can’t connect to the interface, verify that PING has been enabled for Administrative Access on the interface.

If you are still unable to connect, traffic is not allowed to flow from the internal network to the Internet-facing interface. Go back to the installation recipe for your operation mode and verify that you correctly followed all the steps.

8. Verify that you can connect to the gateway provided by your ISP

Use a computer on the internal network to ping the default gateway IP address. If you can’t reach the gateway, contact your ISP to verify that you are using the correct IP address.

9. Ping an IP on the Internet

On the FortiGate, use the CLI command execute ping to ping the IP address an IP address on the Internet, such as 8.8.8.8, the IP address of Google Public DNS. If you can’t ping the address, then the FortiGate isn’t able to access the Internet.

You can also use the execute traceroute command to troubleshoot connectivity to the Internet.

10. Verify the DNS configuration

The FortiGate uses the Domain Name System (DNS) to map domain names to the corresponding website IP addresses. Use the CLI command execute ping to ping a domain name, such as www.fortinet.com, and verify that the name can be resolved.

If it can’t, check that the DNS settings on the FortiGate are correct.

11. Resetting the FortiGate

If none of the above steps identify your problem, reset the FortiGate to factory defaults using the CLI command execute factoryreset. When prompted, type y to confirm the reset. Resetting the FortiGate to factory defaults puts the FortiGate back into NAT/Toure mode.

12. Contacting Fortinet Support

If you need further assistance with troubleshooting your FortiGate, visit the Fortinet Support website.