Fortinet 642 FortiWeb 5.0 Patch 6 Administration Guide
To check hardware connections
Ensure the network cables are properly plugged in to the interfaces on the FortiWeb
appliance.
Ensure there are connection lights for the network cables on the appliance.
Change the cable if the cable or its connector are damaged or you are unsure about the
cable’s type or quality.
Connect the FortiWeb appliance to different hardware to see if that makes a difference.
In the web UI, select Status > Network > Interface and ensure the link status is up for the
interface.
If the status is down (down arrow on red circle), click Bring Up next to it in the Status column.
You can also enable an interface in CLI, for example:
config system interface
edit port2
set status up
end
If any of these checks solve the problem, it was a hardware connection issue. You should still
perform some basic software tests to ensure complete connectivity.
If the hardware connections are correct and the appliance is powered on but you cannot
connect using the CLI or web UI, you may be experiencing bootup problems. See “Bootup
issues” on page 658.
Examining the ARP table
When you have poor connectivity, another good place to look for information is the address
resolution protocol (ARP) table. A functioning ARP is especially important in high-availability
configurations.
To check the ARP table in the CLI, enter:
diagnose network arp list
Checking routing
ping and traceroute are useful tools in network connectivity and route troubleshooting.
Since you typically use these tools to troubleshoot, you can allow ICMP, the protocol used by
these tools, in firewall policies and on interfaces only when you need them. Otherwise, disable
ICMP for improved security and performance.
By default, the FortiWeb appliance will forward only HTTP/HTTPS traffic to your protected web
servers. (That is, routing/IP-based forwarding is disabled.) For information on enabling
forwarding of FTP or other protocols, see the config router setting command in the
FortiWeb CLI Reference.
By default, FortiWeb appliances will respond to ping and traceroute. However, if the
appliance does not respond, and there are no firewall policies that block it, ICMP type 0
(ECHO_REPSPONSE) might be effectively disabled.
To enable ping and traceroute responses from FortiWeb
1. Go to System > Network > Interface.
To access this part of the web UI, you must have Read and Write permission in your
administrator's account access profile to items in the Router Configuration category. For
details, see “Permissions” on page 47.