Syed_Mehmood_Ali
New Member
August 6, 2015
Question

Access Fortigate Firewall 100 D internal network from my Branch network.


I want to access my Fortigate firewall 100D internal IP from my branch office network. What settings do I need for it? Details are mentioned below:

 

Fortigate Firewall Internal IP = 192.168.1.1/24

Branch network IP = 192.168.2.0/24

 

Branch network PCs can access my whole network "192.168.1.0/24" and are able to ping them too, but not the firewall internal IP. These two offices are connected through a Juniper SSG 5 at both ends through an IPSec VPN tunnel.

    4 replies

    ede_pfau
    SuperUser
    August 6, 2015

    Without diagnosis which would immediately show you what the reason is:

    - make sure there is a route to the .2 network on the FGT (gateway is the tunnel end)

    - check that Administrative access allows ICMP on the internal FGT interface

     

     

    Syed_Mehmood_Ali
    New Member
    August 7, 2015

    Thanks for your quick response, Sir. I have made the route for my branch network on the Fortigate, through which I'm able to ping my branch network PCs from the Fortigate firewall, but branch PCs are not able to ping the Fortigate internal interface. I already allowed ICMP on the internal interface.

    ede_pfau
    SuperUser
    August 9, 2015

    ICMP could be blocked if you use 'Trusted Hosts' settings in the admin setup. There are several posts on this on the forums, please search for it.

    edit: read this - https://forum.fortinet.com/tm.aspx?m=122674

    emnoc
    New Member
    August 9, 2015

    The diag debug flow command is really what you should use, along with a packet sniffer. If the traffic is or is not arriving at the Fortigate from the source_network(s), these 2 diagnostic approaches will shed light.
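
The checks suggested in the replies above, collected as one FortiOS CLI session. This is an added example, not part of the original posts. It assumes the LAN interface is named `internal` and uses 192.168.2.10 as a constructed branch PC address. Lines starting with `#` are annotations.

```fortios
# 1. Confirm the FortiGate has a route back to the branch subnet
get router info routing-table details 192.168.2.10

# 2. Confirm ping is in the allowed administrative access list
show system interface internal
#    look for a line such as:  set allowaccess ping https ssh

# 3. Check whether admin accounts restrict management access by source
show system admin
#    look for "set trusthostN ..." lines; if every admin has trusted hosts
#    and none of them covers 192.168.2.0/24, pings from the branch to the
#    FortiGate's own IP go unanswered

# 4. Packet sniffer: do the echo requests reach the internal interface?
#    (verbosity 4 prints the interface name, 10 = stop after 10 packets)
diagnose sniffer packet internal 'icmp and host 192.168.2.10' 4 10

# 5. Debug flow: what does the FortiGate do with those packets?
diagnose debug reset
diagnose debug flow filter addr 192.168.2.10
diagnose debug flow filter proto 1
# needed on 5.x-era firmware to print the trace to the console
diagnose debug flow show console enable
diagnose debug flow trace start 10
diagnose debug enable

#    ... now ping 192.168.1.1 from the branch PC and read the trace ...

# 6. Turn debugging off again
diagnose debug disable
diagnose debug flow trace stop
diagnose debug reset
```

If the sniffer shows echo requests arriving but no replies leaving, the cause is on the FortiGate itself (steps 2 and 3); if nothing arrives, the packets are being dropped before they reach it.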