Troubleshooting Common questions

Common questions

The general troubleshooting tips include, and can help answer, the following questions:

 

How to check hardware connections

  • Are all the cables and interfaces connected properly?
  • Is the LED for the interface green?

 

How to check FortiOS network settings

  • If you are having problems connecting to the management interface, is your protocol enabled on the interface for administrative access?
  • Is there an IP address on the interface?

How to check CPU and memory resources

  • Is your CPU running at almost 100 percent usage?
  • Are you running low on memory?

 

How to check modem status

  • Is the modem connected?
  • Are there PPP issues?

 

How to run ping and traceroute

  • Are you experiencing complete packet loss?

 

How to check the logs

  • Do you need to identify a problem?

 

How to verify the contents of the routing table (in NAT mode)

  • Are there routes in the routing table for default and static routes?
  • Do all connected subnets have a route in the routing table?
  • Does a route wrongly have a higher priority than it should?

 

How to verify the correct route is being used

  • Has the traffic been routed correctly?

 

How to verify the correct firewall policy is being used

  • Is the correct firewall policy applied to the expected traffic?

 

How to check the bridging information in Transparent mode

  • Are you having problems in Transparent mode?

 

How to check number of sessions used by UTM proxy

  • Have you reached the maximum number of sessions for a protocol?
  • Are new sessions failing to start for a certain protocol?

 

How to examine the firewall session list

  • Are there active firewall sessions?

 

How to check wireless information

  • Is the wireless network functioning properly?

 

How to verify FortiGuard connectivity

  • Is the FortiGate unit communicating properly with FortiGuard?

 

How to perform a sniffer trace (CLI and Packet Capture)

  • Is traffic entering the FortiGate unit and does it arrive on the expected interface?
  • Is the ARP resolution correct for the next-hop destination?
  • Is the traffic exiting the FortiGate unit to the destination as expected?
  • Is the traffic being sent back to the originator?

 

How to debug the packet flow

  • Is the traffic entering or leaving the FortiGate unit as expected?

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in FortiOS, FortiOS 5.4 Handbook and tagged on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.