Category Archives: How To

How to check hardware connections


If there is no traffic flowing from the FortiGate unit, it may be a hardware problem. To check hardware connections:

  • Ensure the network cables are properly plugged into the interfaces.
  • Ensure there are connection lights for the network cables on the unit.
  • Change the cable if the cable or its connector is damaged, or if you are unsure about the cable’s type or quality (for example, straight-through versus crossover, or exposed wires at the connector).
  • Connect the FortiGate unit to different hardware.
  • Ensure the link status is set to Up for the interface (see Network > Interface > Status). The link status is based on the physical connection and cannot be set in FortiOS.

 

If any of these steps solves the problem, it was a hardware connection problem. You should still perform some basic software connectivity tests to ensure complete connectivity. It might also be that the interface is disabled, or has its Administrative Status set to Down.

 

To enable an interface – web-based manager

1. Using the web-based management interface, go to System > Network > Interface.

2. Select and edit the interface to enable, such as port1.

3. Find Administrative Status at the bottom of the screen, and select Up.

4. Select Apply.

 

To enable an interface – CLI

    config system interface
        edit port1
            set status up
        next
    end

How to verify the contents of the routing table (in NAT mode)

When you have some connectivity, or possibly none at all, a good place to look for information is the routing table. The routing table is where all the currently used routes are stored for both static and dynamic protocols. If a route is in the routing table, it saves the time and resources of a lookup. If a route is not used for a while and a new route needs to be added, the oldest, least-used route is bumped if the routing table is full. This ensures the most recently used routes stay in the table. If your FortiGate unit is in Transparent mode, you are unable to perform this step.

If the FortiGate is running in NAT mode, verify that all desired routes are in the routing table: local subnets, default routes, specific static routes, and dynamic routing protocols.

To check the routing table in the web-based manager, use the Routing Monitor by going to Router > Monitor > Routing Monitor.

 

In the CLI, use the command get router info routing-table all. Sample output:

    FGT# get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default

    S*      0.0.0.0/0 [10/0] via 172.20.120.2, wan1
    C       10.31.101.0/24 is directly connected, internal
    C       172.20.120.0/24 is directly connected, wan1
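The check described above ("verify that all desired routes are in the routing table") can be scripted against saved CLI output. The following is an added example, not code from the original article or from Fortinet: it parses the sample output shown above, reports expected prefixes that are absent, and uses standard longest-prefix matching to show which route covers a destination. The function names and the 192.168.50.0/24 prefix are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the routing-table output shown above (Codes legend shortened).
SAMPLE = """\
FGT# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       * - candidate default

S*      0.0.0.0/0 [10/0] via 172.20.120.2, wan1
C       10.31.101.0/24 is directly connected, internal
C       172.20.120.0/24 is directly connected, wan1
"""

# Route code (optionally with an OSPF sub-code), optional '*', prefix, then either
# "[distance/metric] via <gateway>, <interface>" or "is directly connected, <interface>".
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Za-z]\w?(?: (?:IA|N1|N2|E1|E2))?)(?P<default>\*)?\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(?P<dist>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<gw>[\d.]+)"
    r"|is directly connected),\s*(?P<iface>[^,\s]+)"
)

def parse_routes(text):
    """Return one dict per route line; legend and prompt lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["network"] = ipaddress.ip_network(r["prefix"])
            routes.append(r)
    return routes

def missing_routes(routes, expected):
    """Return the expected prefixes that have no exact match in the table."""
    have = {r["network"] for r in routes}
    return [p for p in expected if ipaddress.ip_network(p) not in have]

def lookup(routes, dest):
    """Longest-prefix match: the most specific route covering dest, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["network"]]
    return max(hits, key=lambda r: r["network"].prefixlen, default=None)

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    # 192.168.50.0/24 is a hypothetical subnet that should be reported as missing.
    print(missing_routes(table, ["0.0.0.0/0", "10.31.101.0/24", "192.168.50.0/24"]))
    print(lookup(table, "10.31.101.7")["iface"])
```

A missing default route or local subnet shows up in the `missing_routes` result; a destination that only matches `0.0.0.0/0` is leaving through the default gateway rather than a specific route.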

Basic FortiGate Configuration On FortiOS 5.4.x

This is a short little stream-of-consciousness video relating to how I like to configure my SOHO units (smaller units) when they are new arrivals. I cover some simple things like why I set up policies the way I do, etc. If you have specific video topics you would like me to cover, please let me know. I want to provide what Fortinet users want.

How to see errors and discards on FortiGate interfaces

Question: How do I go about seeing interface statistics such as discards, errors etc?

I get this question a lot and figured I would make a post about it to help the masses. There is a simple way to do this. In the CLI there is a command called “fnsysctl” that you can expand upon. For example, you can type “fnsysctl ls” and get a drill down of directories. To see interface statistics you can use this command with the following expansion:

“fnsysctl ifconfig <interface name>” to see the information you are looking for. For instance, “fnsysctl ifconfig wan1”

Give it a try on your FortiGate now to see the output and learn how to use it for troubleshooting 🙂

How To – Basic OSPF Configuration On FortiGates Running 5.4.1

I had some people ask me how to configure some basic OSPF on a FortiGate so I created the following how to video. Yes, I know I need to get better at explaining things in videos. I get shy though…oh wells. Check out the video below to see how to do a basic OSPF configuration on a set of FortiGates running FortiOS 5.4.1. I mention some other ways you can bring OSPF into the environment (via IPSec tunnels etc) and I will create more in-depth videos in the future that dive into the more advanced features of OSPF on the FortiGate.

 

How to Manage FortiSwitch from FortiGate

Managing your FortiSwitch from your FortiGate is an awesome feature set that Fortinet implemented in their hardware. 5.4.1 makes it so much easier to accomplish this. Nothing sucks worse than running out of port density on your FortiGate. Now you really don’t have to worry about it (ok, you didn’t really have to before, but it is neat nonetheless).