Fortinet black logo

Administration Guide

Troubleshooting scenarios

Troubleshooting scenarios

The following table is intended to help you diagnose common problems and provides links to the corresponding troubleshooting topics:

Problem

Probable cause

Recommended action

Hardware connections

  • Are all of the cables and interfaces connected properly?
  • Is the LED for the interface green?

Checking the hardware connections

FortiOS network settings

  • If you are having problems connecting to the management interface, is your protocol enabled on the interface for administrative access?
  • Does the interface have an IP address?

Checking FortiOS network settings

CPU and memory resources

  • Is the CPU running at almost 100 percent usage?
  • Is your FortiGate running low on memory?

Checking CPU and memory resources

Modem status

  • Is the modem connected?
  • Are there PPP issues?

Checking the modem status

Ping and traceroute

Is the FortiGate experiencing complete packet loss?

Running ping and traceroute

Logs

Do you need to identify a problem?

Checking the logs

Contents of the routing table (in NAT mode)

  • Are there routes in the routing table for default and static routes?
  • Do all connected subnets have a route in the routing table?
  • Does a route have a higher priority than it should?

Verifying routing table contents in NAT mode

Traffic routes

Is the traffic routed correctly?

Verifying the correct route is being used

Firewall policies

Is the correct firewall policy applied to the expected traffic?

Verifying the correct firewall policy is being used

Bridging information in transparent mode

Are you having problems in transparent mode?

Checking the bridging information in transparent mode

Firewall session list

  • Are there active firewall sessions?

Using a session table

Wireless Network

Is the wireless network working properly?

Checking wireless information

FortiGuard connectivity

Is the FortiGate communicating properly with FortiGuard?

Verifying connectivity to FortiGuard

Sniffer trace

  • Is traffic entering the FortiGate? Does the traffic arrive on the expected interface?
  • Is the ARP resolution correct for the next-hop destination?
  • Is the traffic exiting the FortiGate to the destination as expected?
  • Is the FortiGate sending traffic back to the originator?

Performing a sniffer trace (CLI and packet capture)

Packet flow

Is traffic entering or leaving the FortiGate as expected?

Debugging the packet flow

Troubleshooting scenarios

The following table is intended to help you diagnose common problems and provides links to the corresponding troubleshooting topics:

Problem

Probable cause

Recommended action

Hardware connections

  • Are all of the cables and interfaces connected properly?
  • Is the LED for the interface green?

Checking the hardware connections

FortiOS network settings

  • If you are having problems connecting to the management interface, is your protocol enabled on the interface for administrative access?
  • Does the interface have an IP address?

Checking FortiOS network settings

CPU and memory resources

  • Is the CPU running at almost 100 percent usage?
  • Is your FortiGate running low on memory?

Checking CPU and memory resources

Modem status

  • Is the modem connected?
  • Are there PPP issues?

Checking the modem status

Ping and traceroute

Is the FortiGate experiencing complete packet loss?

Running ping and traceroute

Logs

Do you need to identify a problem?

Checking the logs

Contents of the routing table (in NAT mode)

  • Are there routes in the routing table for default and static routes?
  • Do all connected subnets have a route in the routing table?
  • Does a route have a higher priority than it should?

Verifying routing table contents in NAT mode

Traffic routes

Is the traffic routed correctly?

Verifying the correct route is being used

Firewall policies

Is the correct firewall policy applied to the expected traffic?

Verifying the correct firewall policy is being used

Bridging information in transparent mode

Are you having problems in transparent mode?

Checking the bridging information in transparent mode

Firewall session list

  • Are there active firewall sessions?

Using a session table

Wireless Network

Is the wireless network working properly?

Checking wireless information

FortiGuard connectivity

Is the FortiGate communicating properly with FortiGuard?

Verifying connectivity to FortiGuard

Sniffer trace

  • Is traffic entering the FortiGate? Does the traffic arrive on the expected interface?
  • Is the ARP resolution correct for the next-hop destination?
  • Is the traffic exiting the FortiGate to the destination as expected?
  • Is the FortiGate sending traffic back to the originator?

Performing a sniffer trace (CLI and packet capture)

Packet flow

Is traffic entering or leaving the FortiGate as expected?

Debugging the packet flow