Configure Network Settings > Network Interface Settings > Troubleshoot Network Connectivity

Troubleshoot Network Connectivity

To test and troubleshoot your network, you can use tools available on your client computer and on your Firebox. For the tests that involve commands issued from a Windows client computer, use a computer on a trusted, optional, or custom network connected to the Firebox.

Network Troubleshooting Tools

Use these tools and methods to test network connectivity and host name resolution on your network. These test methods are referenced in the troubleshooting steps in the subsequent sections.

Troubleshoot Outbound Connections

To identify the cause of Internet connection problems from computers on your local network, start with ping tests from a local computer on your network to the Firebox or a local server on your network. If that is successful, the next step is to test routing and DNS resolution to hosts outside your local network. Use the instructions in the previous section to run the diagnostic commands used in these tests and to look at log messages.

Test 1 — Ping an Internal IP Address

From your local computer, attempt to ping other internal IP addresses on the same local network. For example try to ping a local network server, or the IP address of a Firebox internal interface. To start a ping from a Windows computer, use the instructions in the preceding section.

If you are unable to ping the internal IP address of the Firebox, this could indicate a problem with the configuration on the Firebox, or a problem with your local network configuration or cabling. To see the IP address and default gateway in local network configuration on a client computer, from the Windows command prompt, use the ipconfig command.

Look at the ipconfig command output and consider these possible causes for the ping failure:

Test 2 — Ping the Default Gateway of the Firebox

If you can successfully ping the IP address of the Firebox interface, test whether traffic from the client computer can be routed to addresses outside the Firebox. To test this, from your Windows computer attempt to ping the default gateway for the Firebox external interface. This will confirm that your computer can route to a host outside the Firebox, and that your Firebox is configured to allow these ping requests.

You can see the IP address of the Firebox external default gateway in WatchGuard System Manager, or in the Interfaces dashboard in Fireware Web UI.

If your network has an Internet gateway other than the Firebox, Internet-bound traffic from clients on your network might not be routed through the Firebox. To verify that outbound traffic to the Internet goes through the Firebox, enable logging of allowed packets in the ping policy and verify that log messages are created for ping requests from your network. For details about how to do this, see the preceding Network Troubleshooting Tools section.

If your ping to the default gateway of the Firebox external interface fails, check for one of these causes:

Test 3 — Test DNS Resolution

If you can successfully ping the default gateway of your Firebox, the next step is to test DNS resolution. To test DNS resolution, attempt to ping a remote web host, such as If this fails, attempt to ping a remote IP address, such as the DNS server for your ISP, or a public DNS server such as or If you can successfully ping a remote IP address, but cannot ping a host name, that indicates a problem with DNS resolution.

If DNS resolution fails, investigate these possible causes:

See Also

Routes and Routing

About Multi-WAN

Give Us Feedback     Get Support     All Product Documentation     Technical Search