Fortinet black logo

Cookbook

Troubleshooting scenarios

Copy Link
Copy Doc ID af0e75e9-211f-11ea-9384-00505692583a:517124
Download PDF

Troubleshooting scenarios

The following table is intended to help you diagnose common problems and provides links to the corresponding troubleshooting topics:

Problem

Probable cause

Recommended action

Hardware connections
  • Are all of the cables and interfaces connected properly?
  • Is the LED for the interface green?
Checking the hardware connections
FortiOS network settings
  • If you are having problems connecting to the management interface, is your protocol enabled on the interface for administrative access?
  • Does the interface have an IP address?
Checking FortiOS network settings
CPU and memory resources
  • Is the CPU running at almost 100 percent usage?
  • Is your FortiGate running low on memory?
Checking CPU and memory resources
Modem status
  • Is the modem connected?
  • Are there PPP issues?
Checking the modem status
Ping and traceroute Is the FortiGate experiencing complete packet loss? Running ping and traceroute
Logs Do you need to identify a problem? Checking the logs
Contents of the routing table (in NAT mode)
  • Are there routes in the routing table for default and static routes?
  • Do all connected subnets have a route in the routing table?
  • Does a route have a higher priority than it should?
Verifying routing table contents in NAT mode
Traffic routes Is the traffic routed correctly? Verifying the correct route is being used
Firewall policies Is the correct firewall policy applied to the expected traffic? Verifying the correct firewall policy is being used
Bridging information in transparent mode Are you having problems in transparent mode? Checking the bridging information in transparent mode
Number of sessions used by UTM proxy
  • Have you reached the maximum number of sessions for a protocol?
  • Are new sessions failing to start for a certain protocol?
Checking the number of sessions that UTM proxy uses
Firewall session list
  • Are there active firewall sessions?
Using a session table
Wireless Network Is the wireless network working properly? Checking wireless information
FortiGuard connectivity Is the FortiGate communicating properly with FortiGuard? Verifying connectivity to FortiGuard
Sniffer trace
  • Is traffic entering the FortiGate? Does the traffic arrive on the expected interface?
  • Is the ARP resolution correct for the next-hop destination?
  • Is the traffic exiting the FortiGate to the destination as expected?
  • Is the FortiGate sending traffic back to the originator?
Performing a sniffer trace (CLI and packet capture)
Packet flow Is traffic entering or leaving the FortiGate as expected? Debugging the packet flow

Troubleshooting scenarios

The following table is intended to help you diagnose common problems and provides links to the corresponding troubleshooting topics:

Problem

Probable cause

Recommended action

Hardware connections
  • Are all of the cables and interfaces connected properly?
  • Is the LED for the interface green?
Checking the hardware connections
FortiOS network settings
  • If you are having problems connecting to the management interface, is your protocol enabled on the interface for administrative access?
  • Does the interface have an IP address?
Checking FortiOS network settings
CPU and memory resources
  • Is the CPU running at almost 100 percent usage?
  • Is your FortiGate running low on memory?
Checking CPU and memory resources
Modem status
  • Is the modem connected?
  • Are there PPP issues?
Checking the modem status
Ping and traceroute Is the FortiGate experiencing complete packet loss? Running ping and traceroute
Logs Do you need to identify a problem? Checking the logs
Contents of the routing table (in NAT mode)
  • Are there routes in the routing table for default and static routes?
  • Do all connected subnets have a route in the routing table?
  • Does a route have a higher priority than it should?
Verifying routing table contents in NAT mode
Traffic routes Is the traffic routed correctly? Verifying the correct route is being used
Firewall policies Is the correct firewall policy applied to the expected traffic? Verifying the correct firewall policy is being used
Bridging information in transparent mode Are you having problems in transparent mode? Checking the bridging information in transparent mode
Number of sessions used by UTM proxy
  • Have you reached the maximum number of sessions for a protocol?
  • Are new sessions failing to start for a certain protocol?
Checking the number of sessions that UTM proxy uses
Firewall session list
  • Are there active firewall sessions?
Using a session table
Wireless Network Is the wireless network working properly? Checking wireless information
FortiGuard connectivity Is the FortiGate communicating properly with FortiGuard? Verifying connectivity to FortiGuard
Sniffer trace
  • Is traffic entering the FortiGate? Does the traffic arrive on the expected interface?
  • Is the ARP resolution correct for the next-hop destination?
  • Is the traffic exiting the FortiGate to the destination as expected?
  • Is the FortiGate sending traffic back to the originator?
Performing a sniffer trace (CLI and packet capture)
Packet flow Is traffic entering or leaving the FortiGate as expected? Debugging the packet flow