Saturday, January 20, 2024

A quick check for a momentary interruption of the internet on FortiGate

0) Check L1 - cabling, interfaces, transceivers, etc..

Check the arp table and interface status:

1) get system arp 

2) diagnose ip arp list 

3) diagnose netlink interface list port5 

4) diagnose hardware deviceinfo nic port5 

Run a packet sniffer to verify whether FGT is sending packets and receives them:

5.1 diagnose sniffer packet port5 'host X.X.X.X' 4 0 a - run this command on a separate terminal at the same time with the 5.2 commands (to stop it enter CTRL+C) 

5.2 execute ping-options source Y.Y.Y.Y  # y.y.y.y is IP address of the existing interfaces

execute ping X.X.X.X  # x.x.x.x is default gateway

execute ping 8.8.8.8 

execute ping fortinet.com 

execute traceroute-options source Y.Y.Y.Y

execute traceroute X.X.X.X 

execute traceroute 8.8.8.8 


at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

FMG doesn't provide FGD service to hidden devices

 1) If a device is hidden ( https://docs.fortinet.com/document/fortimanager/7.4.2/administration-guide/115931/hiding-unauthorized-devices), ...

  • How to troubleshoot ForitOS Security Fabric issues.
    === before troubleshooting and to save your time ===  - please make sure that you are not using VDOMs (VDOMs cannot be enabled when Security...
  • npu_state_err flags
       While investigating NPU-relevant issues, the following npu_state_err flags in the session table entry could help you identify the cause o...
  • NP6 not offloading cases
    - TCP control flags (SYN, SYN/ACK, FIN, FIN/ACK, RST) - One icmp/udp request and one response - FGT wants to generate ICMP message -...