We have a Fortigate 60D at our office.

There are only 3 of us, and I am the only one using the bandwidth.
We got 120 down / 60 up. Which is good I suppose.

However… Every 30 minutes the firewall experiences an issue where the web pages no longer load, and everything just drops for about a minute. This started happening as of a week ago without major changes.

We got 2 IPSEC tunnels, and a couple of addresses which are NATed.
Is this too much? Or how can I troubleshoot this?

I’m not a network admin by any means, I can find my way through the GUI without a problem. I understand the terminology but I have no experience troubleshooting through the CLI. Any advice?

3 Spice ups

Hi,

Do you have web filtering applied on the device?

Regards,

Maurice

Yes, I do.

When the problem occurs, do you make any changes so it works again?

It starts working out of nowhere after about 30 seconds again.

This problem may be caused by a disconnection between the Fortigate and the FQDN servers; what you can do is go to the web filtering, check ‘Allow Websites When a Rating Error Occurs’ and try it. Advise if this has solved your problem.

That option is already turned on. Any other suggestions?

Did you try to reboot the device?

In addition a firmware upgrade can be helpful.

Try to start 3 pings simultaneously.

One to your firewall.

One to 8.8.8.8

And one to google.com.

See which one is crashing.

If 1, 2 and 3 crash, you have a problem with your unit or your switch.

If only 2 and 3, you have a firewall problem.

If only 3, then you have a DNS problem.

2 Spice ups
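The three-target ping test suggested above, as an added example that is not part of the original posts: it probes all three targets once a second with timestamps, so a drop of about a minute is recorded even when nobody is watching. The gateway address is taken from the ping output posted later in the thread, the verdict names are made up for this sketch, and the `ping` flags assume Windows or Linux.

```python
import platform
import subprocess
import time
from concurrent.futures import ThreadPoolExecutor

# Assumed targets: firewall LAN address, a public IP, a public hostname.
TARGETS = {"gateway": "172.19.3.1", "public_ip": "8.8.8.8", "dns_name": "google.com"}

def probe(host):
    """Send one echo request; True if ping reports success within about 1 s."""
    win = platform.system() == "Windows"
    cmd = ["ping", "-n" if win else "-c", "1",
           "-w" if win else "-W", "1000" if win else "1", host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def classify(gw, ip, dns):
    """Map one sample to the layer the thread's rule of thumb points at."""
    return {
        (True, True, True): "ok",
        (False, False, False): "lan",             # unit, switch or local cabling
        (True, False, False): "firewall_or_wan",  # firewall or the ISP link behind it
        (True, True, False): "dns",
    }.get((gw, ip, dns), "inconsistent")          # e.g. gateway ignores ICMP

def outages(samples):
    """Group consecutive non-ok samples into (start, end, verdict) windows."""
    runs, prev = [], "ok"
    for ts, gw, ip, dns in samples:
        verdict = classify(gw, ip, dns)
        if verdict != "ok":
            if verdict == prev:
                runs[-1] = (runs[-1][0], ts, verdict)
            else:
                runs.append((ts, ts, verdict))
        prev = verdict
    return runs

def monitor(seconds, interval=1.0):
    """Probe all targets in parallel every `interval` seconds."""
    samples, end = [], time.time() + seconds
    with ThreadPoolExecutor(len(TARGETS)) as pool:
        while time.time() < end:
            ts = time.time()
            gw, ip, dns = pool.map(probe, TARGETS.values())
            samples.append((ts, gw, ip, dns))
            time.sleep(max(0.0, interval - (time.time() - ts)))
    return samples

if __name__ == "__main__":
    # 45 minutes covers at least one of the drops reported every 30 minutes.
    for start, stop, verdict in outages(monitor(45 * 60)):
        print(time.strftime("%H:%M:%S", time.localtime(start)),
              f"{stop - start:.0f}s", verdict)
```

A `firewall_or_wan` window only says the fault is at or beyond the firewall; comparing its timestamps with the firewall's own WAN link and event logs separates the two.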

Be careful with Fortigate firmware updates.
It is not always recommended to use the latest firmware.

We’re on 5.2.2 when we had troubles with the IPsec tunnels to certain Cisco firewalls. But yeah… Fortigate + firmware updates equals hell! And yes, tried to reboot.

Anything in the Firewall logs?

Is the CPU or Memory spiking on the firewall? If memory spikes it will go into conserve mode.

As a test turn off web filtering for internal to internet and see if anything happens.

Fortinet Support is really good as well if you can get them to troubleshoot the issue.

Memory is OK, CPU sometimes spikes up to 80% and sometimes even 100%, but overall the stats seem to be OK.

I would open a support ticket with Fortinet if you can. They can remote into the firewall, if you let them, and they can dig deeper into the logs.

Michael Adam’s suggestion of ping tests is the most ideal and basic thing you can do for troubleshooting. When you experience the issue, look into the ping tests and see what had been interrupted. From there, you could isolate the issue and troubleshoot further.

Do you have any messages in the alert console stating that the fortigate has reached the limit for x seconds?

“The support coverage of the unit is not entitled to create this type of ticket.”

Can’t get fortigate support.

Next time it will be me who will buy our hardware, thankfully…

Pingen naar www.google.nl [173.194.67.94] met 32 bytes aan gegevens:
Antwoord van 173.194.67.94: bytes=32 tijd=16 ms TTL=48
Antwoord van 173.194.67.94: bytes=32 tijd=13 ms TTL=48
Antwoord van 173.194.67.94: bytes=32 tijd=15 ms TTL=48
Antwoord van 173.194.67.94: bytes=32 tijd=14 ms TTL=48

Ping-statistieken voor 173.194.67.94:
Pakketten: verzonden = 4, ontvangen = 4, verloren = 0 (0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 13ms, Maximum = 16ms, Gemiddelde = 14ms

Pingen naar 8.8.8.8 met 32 bytes aan gegevens:
Antwoord van 8.8.8.8: bytes=32 tijd=13 ms TTL=57
Antwoord van 8.8.8.8: bytes=32 tijd=11 ms TTL=57
Antwoord van 8.8.8.8: bytes=32 tijd=8 ms TTL=57
Antwoord van 8.8.8.8: bytes=32 tijd=9 ms TTL=57

Ping-statistieken voor 8.8.8.8:
Pakketten: verzonden = 4, ontvangen = 4, verloren = 0 (0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 8ms, Maximum = 13ms, Gemiddelde = 10ms

Pingen naar 172.19.3.1 met 32 bytes aan gegevens:
Antwoord van 172.19.3.1: bytes=32 tijd<1 ms TTL=255
Antwoord van 172.19.3.1: bytes=32 tijd<1 ms TTL=255
Antwoord van 172.19.3.1: bytes=32 tijd<1 ms TTL=255
Antwoord van 172.19.3.1: bytes=32 tijd<1 ms TTL=255

Ping-statistieken voor 172.19.3.1:
Pakketten: verzonden = 4, ontvangen = 4, verloren = 0 (0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms

Ping seems fine.

You mean at Dashboard? Nothing there.

I’m using Spiceworks monitor,
and I see the connection just reached 10000kb I/O 818 packets a second.
Is that too much?

It’s only a spike but I’m just wondering.

Also, I’m monitoring the memory and CPU usage on the Fortigate dashboard and it never goes over 60% at the CPU, and memory 25% at max.

Did you try to change the connected port of the Fortigate to the switch? It could be a physical problem and not a configuration problem.

Is the device licensed?

Hi Guys,

Turns out it’s the physical cabling from our ISP.
I was on the phone and at the same time the internet dropped. So it’s not the Fortigate after all.
Thanks for all the help and support!

Great news.

If you want, you can mark your own answer as best answer :slight_smile: