If your FortiGate does not function as desired after installation, try the following troubleshooting tips:
- Check for equipment issues
Verify that all network equipment is powered on and operating as expected. Refer to the QuickStart Guide for information about connecting your FortiGate to the network.
- Check the physical network connections
Check the cables used for all physical connections to ensure that they are fully connected and do not appear damaged, and make sure that each cable connects to the correct device and the correct Ethernet port on that device.
- Verify that you can connect to the internal IP address of the FortiGate
Connect to the GUI from the FortiGate’s internal interface by browsing to its IP address. From the PC, try to ping the internal interface IP address; for example,
ping 192.168.1.99. If you cannot connect to the internal interface, verify the IP configuration of the PC. If you can ping the interface but can't connect to the GUI, check the settings for administrative access on that interface. Alternatively, use SSH to connect to the CLI, and then confirm that HTTPS has been enabled for Administrative Access on the interface.
- Check the FortiGate interface configurations
Check the configuration of the FortiGate interface connected to the internal network (under Network > Interfaces) and check that Addressing mode is set to the correct mode.
- Verify the security policy configuration
Go to Policy & Objects > Firewall Policy and verify that the internal interface to Internet-facing interface security policy has been added and is located near the top of the policy list. Check the Active Sessions column to ensure that traffic has been processed (if this column does not appear, right-click on the table header and select Active Sessions). If you are using NAT mode, check the configuration of the policy to make sure that NAT is enabled and that Use Outgoing Interface Address is selected.
- Verify the static routing configuration
Go to Network > Static Routes and verify that the default route is correct. Go to Monitor > Routing Monitor and verify that the default route appears in the list as a static route. Along with the default route, you should see two routes shown as Connected, one for each connected FortiGate interface.
- Verify that you can connect to the Internet-facing interface’s IP address
Ping the IP address of the Internet-facing interface of your FortiGate. If you cannot connect to the interface, the FortiGate is not allowing sessions from the internal interface to Internet-facing interface. Verify that PING has been enabled for Administrative Access on the interface.
- Verify that you can connect to the gateway provided by your ISP
Ping the default gateway IP address from a PC on the internal network. If you cannot reach the gateway, contact your ISP to verify that you are using the correct gateway.
- Verify that you can communicate from the FortiGate to the Internet
Access the FortiGate CLI and use the command
execute ping 18.104.22.168. You can also use the
execute traceroute 22.214.171.124command to troubleshoot connectivity to the Internet.
- Verify the DNS configurations of the FortiGate and the PCs
Check for DNS errors by p