A network administrator connects his PC to the INTERNAL interface on a FortiGate unit. The administrator
attempts to make an HTTPS connection to the FortiGate unit on the VLAN1 interface at the IP address of
10.0.1.1, but gets no connectivity.
The following troubleshooting commands are executed from the CLI:
user1 # get system interface
== [ internal ]
namE. internal modE. static ip: 10.0.1.254 255.255.255.128 status: up netbios-forwarD. disable typE.
physical mtu-overridE. disable == [ vlan1 ]
namE. vlan1 modE. static ip: 10.0.1.1 255.255.255.128 status: up netb ios-forwarD. disable typE. vlan mtuoverridE. disable
user1 # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF
external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
S 10.0.0.0/8 [10/0] is a summary, Null
C 10.0.1.0/25 is directly connected, vlan1
C 10.0.1.128/25 is directly connected, internal
user1 # diagnose debug flow trace start 100
user1 # diagnose debug ena
user1 # diagnose debug flow filter daddr 10.0.1.1 10.0.1.1
id=20085 trace_id=277 msg="vd-root received a packet(proto=6, 10.0.1.130 :47922->10.0.1.1:443) from
internal."
id=20085 trace_id=277 msg="allocate a new session-00000b21" id=20085 trace_id=277
msg="iprope_in_check() check failed, drop" Based on the output from these commands, which of the
following is a possible cause of the problem?
A. The FortiGate unit has no route back to the PC.
B. The PC has an IP address in the wrong subnet.
C. The PC is using an incorrect default gateway IP address.
D. There is no firewall policy allowing traffic from INTERNAL -> VLAN1.