Table of Contents
Advertisement
7. Verify the DNS configurations of the FortiGate unit and the PCs.
Check for DNS errors by pinging or using traceroute to connect to a domain name; for
example:
ping www.fortinet.com
ping: cannot resolve www.fre.com: Unknown host
If the name cannot be resolved, the FortiGate unit or PC cannot connect to a DNS server
and you should confirm the DNS server IP addresses are present and correct.
8. Verify the security policy configuration.
Go to Policy > Policy > Policy and verify that an internal -> wan1 security policy has been
added and check the Session column to ensure that traffic has been processed. Check the
configuration of the policy to make sure that Enable NAT and Use Destination Interface
Address is selected.
9. Verify the static routing configuration.
Go to Router > Static > Static Routes and verify that the default route is correct. Go to
Router > Monitor > Router Monitor and verify that the default route appears in the list as
a static route. Along with the default route, you should see at least two connected routes,
one for each connected FortiGate interface.
On some FortiGate models, routing options are configured by going to System > Network >
Routing or through the CLI.
10. Disable web filtering.
A web filtering security policy may block access to the website that you are attempting to
connect to. This could happen because the configuration of the default web filter profile is
blocking access to the site.
It is also possible that FortiGuard Web Filtering has produced a rating error for the website,
causing the web filter profile to block access. A rating error could occur for a number of
reasons, including not being able to access FortiGuard. To fix this problem, go to Security
Profiles > Web Filter > Profile and, in the default profile, enable Allow Websites When
a Rating Error Occurs.
Extra help: NAT/Route mode
11
Advertisement
Table of Contents
