no internet in Fortigate firewall after replaced with ASA firewall
I recently replaced an ASA firewall with Fortigate firewall and I found nobody has internet.
I have created exactly same static routes as in ASA and the static route was a private IP.
Then I added a dynamic pool in the policy with the public IP provided by ISP. Then clients started getting internet.
But when I ping from Fortigate still no internet. Due to that I still cant register the device.
I have created exactly same static routes as in ASA and the static route was a private IP.
Then I added a dynamic pool in the policy with the public IP provided by ISP. Then clients started getting internet.
But when I ping from Fortigate still no internet. Due to that I still cant register the device.
J0rtIT
Contact your isp... Maybe the issue is not on the hardware or software point, it should be a configuration in the ISP, remember that they can even match it to a MAC address and of course the MAC of your ASA is different from the one in your FortiGate hardware. give them a call and let you know that you changed your perimeter firewall and get the MAC address (from ASA) handy.
ASKER
if I replace the Fortigate with ASA I can ping from ASA.
I checked with ISP. I was told there is no MAC filtering or MAC tagging, This is only point to point.
I checked with ISP. I was told there is no MAC filtering or MAC tagging, This is only point to point.
Ok, Same static address on ASA and Fortigate?
if so, check the DNS configured in the ASA (and tray a traceroute to 8.8.8.8 for example).
Make sure that you have the DNS server configured and well internet with the lowers priority in the network.
if so, check the DNS configured in the ASA (and tray a traceroute to 8.8.8.8 for example).
Make sure that you have the DNS server configured and well internet with the lowers priority in the network.
What do your nat statements look like?
ASKER
-->Ok, Same static address on ASA and Fortigate?
I have replaced ASA with Fortigate with same IP.
I have replaced ASA with Fortigate with same IP.
Hello MAS,
Verify with below tests,
1)Make sure that all interfaces are up and running.
2) Make sure that default route is configured with valid GW.
3) ping Local IP (execute ping x.x.x.x) from FGT
4) Ping Internet GW (execute ping x.x.x.x) from FGT
5) Ping 8.8.8.8 (execute ping x.x.x.x) from FGT
6) Ping www.google.com (execute ping x.x.x.x) from FGT
Post the above results here.
Good Luck!
Verify with below tests,
1)Make sure that all interfaces are up and running.
2) Make sure that default route is configured with valid GW.
3) ping Local IP (execute ping x.x.x.x) from FGT
4) Ping Internet GW (execute ping x.x.x.x) from FGT
5) Ping 8.8.8.8 (execute ping x.x.x.x) from FGT
6) Ping www.google.com (execute ping x.x.x.x) from FGT
Post the above results here.
Good Luck!
ASKER
Verify with below tests,
-->1)Make sure that all interfaces are up and running.
Its up and running.
-->2) Make sure that default route is configured with valid GW.
It is configured
-->3) ping Local IP (execute ping x.x.x.x) from FGT
I can ping local IPs
-->4) Ping Internet GW (execute ping x.x.x.x) from FGT
I can ing Gareway,
-->5) Ping 8.8.8.8 (execute ping x.x.x.x) from FGT
I cannt ping from firewall.
-->6) Pin/.g www.google.com (execute ping x.x.x.x) from FGT
I cannt ping from firewall.
-->1)Make sure that all interfaces are up and running.
Its up and running.
-->2) Make sure that default route is configured with valid GW.
It is configured
-->3) ping Local IP (execute ping x.x.x.x) from FGT
I can ping local IPs
-->4) Ping Internet GW (execute ping x.x.x.x) from FGT
I can ing Gareway,
-->5) Ping 8.8.8.8 (execute ping x.x.x.x) from FGT
I cannt ping from firewall.
-->6) Pin/.g www.google.com (execute ping x.x.x.x) from FGT
I cannt ping from firewall.
Hello MAS,
Reduce the MTU value on the wan interface and try. if still same issue, then ISP is doing some blocking.
Good Luck!
Reduce the MTU value on the wan interface and try. if still same issue, then ISP is doing some blocking.
Good Luck!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Fixed by adding a policy.