Troubleshooting Common questions

Common questions

The general troubleshooting tips include, and can help answer, the following questions:

 

How to check hardware connections

  • Are all the cables and interfaces connected properly?
  • Is the LED for the interface green?

 

How to check FortiOS network settings

  • If you are having problems connecting to the management interface, is your protocol enabled on the interface for administrative access?
  • Is there an IP address on the interface?

How to check CPU and memory resources

  • Is your CPU running at almost 100 percent usage?
  • Are you running low on memory?

 

How to check modem status

  • Is the modem connected?
  • Are there PPP issues?

 

How to run ping and traceroute

  • Are you experiencing complete packet loss?

 

How to check the logs

  • Do you need to identify a problem?

 

How to verify the contents of the routing table (in NAT mode)

  • Are there routes in the routing table for default and static routes?
  • Do all connected subnets have a route in the routing table?
  • Does a route wrongly have a higher priority than it should?

 

How to verify the correct route is being used

  • Has the traffic been routed correctly?

 

How to verify the correct firewall policy is being used

  • Is the correct firewall policy applied to the expected traffic?

 

How to check the bridging information in Transparent mode

  • Are you having problems in Transparent mode?

 

How to check number of sessions used by UTM proxy

  • Have you reached the maximum number of sessions for a protocol?
  • Are new sessions failing to start for a certain protocol?

 

How to examine the firewall session list

  • Are there active firewall sessions?

 

How to check wireless information

  • Is the wireless network functioning properly?

 

How to verify FortiGuard connectivity

  • Is the FortiGate unit communicating properly with FortiGuard?

 

How to perform a sniffer trace (CLI and Packet Capture)

  • Is traffic entering the FortiGate unit and does it arrive on the expected interface?
  • Is the ARP resolution correct for the next-hop destination?
  • Is the traffic exiting the FortiGate unit to the destination as expected?
  • Is the traffic being sent back to the originator?

 

How to debug the packet flow

  • Is the traffic entering or leaving the FortiGate unit as expected?
This entry was posted in FortiOS, FortiOS 5.4 Handbook and tagged on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.