Check the FortiOS network settings if you have problems connecting to the management interface. FortiOS network settings include, interface settings, DNS Settings, and DHCP settings.
If you can access the FortiGate with the management cable only, you can view the interface settings in the GUI.
- Go to Network > Interfaces.
- Select an interface and click Edit.
- Check the following interfaces to ensure they are not blocking traffic.
The status is Up when a valid cable is plugged in. The status is Down when an invalid cable is plugged in.
The Link Status is shown physically by the connection LED for the interface. If the LED is green, the connection is good. If Link Status is Down, the interface does not work.
Link status also appears in the Network > Interfaces page by default.
Do not use DHCP if you do not have a DHCP server. You will not be able to log into an interface in DHCP mode as it will not have an IP address.
An interface requires an IP address to connect to other devices. Ensure there is a valid IP address in this field. The one exception is when DHCP is enabled for this interface to get its IP address from an external DHCP server.
The same protocol must be used by both ends to complete the connection. Ensure this interface and the remote connection are both using IPv4 or both are using IPv6 addresses.
If no protocols are selected, you will have to use the local management cable to connect to the unit. If you are using IPv6, configure the IPv6 administrative access protocols.
Ensure the status is set to Up or the interface will not work.
FGT# show system interface <interface_name>
config system interface
Go to Network > DNS.
You can trace many networking problems back to DNS issues. Check the following items:
- Are there values for both the Primary DNS server and Secondary DNS server fields.
- Is the Local Domain Name correct?
- Are you using IPv6 addressing? If so, are the IPv6 DNS settings correct?
- Are you using Dynamic DNS (DDNS)? If so, is it using the correct server, credentials, and interface?
- Can you contact both DNS servers to verify the servers are operational?
- If an interface addressing mode is set to DHCP and is set to override the internal DNS, is that interface receiving a valid DNS entry from the DHCP server? Is it a reasonable address and can it be contacted to verify it is operational?
- Are there any DENY security policies that need to allow DNS?
- Can any internal device perform a successful traceroute to a location using the FQDN?
DHCP servers are common on internal and wireless networks. The DHCP server will cause problems if it is not configured correctly.
- Go to Network > Interfaces.
- Select an interface, and click Edit.
- Is the DHCP server enabled?
- Is the DHCP server entry set to Relay? If so, verify there is another DHCP server to which requests can be relayed. Otherwise, set it to Server.
- Does the DHCP server use a valid IP address range? Are other devices using the addresses? If one or more devices are using IP addresses in this range, you can use the IP reservation feature to ensure the DHCP server does not use these addresses. See DHCP server
- Is there a gateway entry? If not, add a gateway entry to ensure that the server's clients have a default route.
- Is the system DNS setting being used? A best practice is to avoid confusion by using the system DNS whenever possible. However, you can specify up to three custom DNS servers, and you should use all three entries for redundancy.
There are some situations, such as a new wireless interface, or during the initial FortiGate configuration, where interfaces override the system DNS entries. When this happens, it often shows up as intermittent Internet connectivity.
To fix the problem, go to Network > DNS, and enable Use FortiGuard Servers.