Fortinet 5.0 Patch 6 Examining the ARP table, Checking routing

Fortinet 642 FortiWeb 5.0 Patch 6 Administration Guide

To check hardware connections

• Ensure the network cables are properly plugged in to the interfaces on the FortiWeb

appliance.

• Ensure there are connection lights for the network cables on the appliance.

• Change the cable if the cable or its connector are damaged or you are unsure about the

cable’s type or quality.

• Connect the FortiWeb appliance to different hardware to see if that makes a difference.

• In the web UI, select Status > Network > Interface and ensure the link status is up for the

interface.

If the status is down (down arrow on red circle), click Bring Up next to it in the Status column.

You can also enable an interface in CLI, for example:

config system interface

edit port2

set status up

end

If any of these checks solve the problem, it was a hardware connection issue. You should still

perform some basic software tests to ensure complete connectivity.

If the hardware connections are correct and the appliance is powered on but you cannot

connect using the CLI or web UI, you may be experiencing bootup problems. See “Bootup

issues” on page 658.

Examining the ARP table

When you have poor connectivity, another good place to look for information is the address

resolution protocol (ARP) table. A functioning ARP is especially important in high-availability

configurations.

To check the ARP table in the CLI, enter:

diagnose network arp list

Checking routing

ping and traceroute are useful tools in network connectivity and route troubleshooting.

Since you typically use these tools to troubleshoot, you can allow ICMP, the protocol used by

these tools, in firewall policies and on interfaces only when you need them. Otherwise, disable

ICMP for improved security and performance.

By default, the FortiWeb appliance will forward only HTTP/HTTPS traffic to your protected web

servers. (That is, routing/IP-based forwarding is disabled.) For information on enabling

forwarding of FTP or other protocols, see the config router setting command in the

FortiWeb CLI Reference.

By default, FortiWeb appliances will respond to ping and traceroute. However, if the

appliance does not respond, and there are no firewall policies that block it, ICMP type 0

(ECHO_REPSPONSE) might be effectively disabled.

To enable ping and traceroute responses from FortiWeb

1. Go to System > Network > Interface.

To access this part of the web UI, you must have Read and Write permission in your

administrator's account access profile to items in the Router Configuration category. For

details, see “Permissions” on page 47.