alancameron
New Member
January 10, 2018
Question

FortiWiFi 50B policy issue


I have a FortiWiFi 50B which I have upgraded, but the old policy is lost. The old policy did work.

I am not certain of the steps to re-create the basic access. The 50B sits behind an existing cable modem.

I can access the 50B via wifi and get a DHCP administered address.

My wifi attached device can ping the inside address of the 50B, and I can reach management access on the 50B via a browser (on the cable modem LAN).

From the 50B's console I can ping the cable modem as well as an internet destination via the URL.

I am unable to get through to the internet from the wifi attached device?

 

My policy for this access looks like this:

 

config firewall policy
    edit 2
        set srcintf "wifi"
        set dstintf "wan1"
        set srcaddr "Local_Wifi"
        set dstaddr "0.0.0.0/0.0.0.0"
        set action accept
        set schedule "always"
        set service "ANY"
        set utm-status enable
        set logtraffic enable
        set av-profile "default"
        set webfilter-profile "default"
        set spamfilter-profile "default"
        set ips-sensor "default"
        set application-list "default"
        set profile-protocol-options "default"
        set nat enable
    next

 

My firmware is:

Version: FortiWiFi-50B v4.0,build0694,161108 (MR3 Patch 19)

 

 

Is there something here I have missed?

    1 reply

    Toshi_Esumi
    SuperUser
    January 11, 2018

    Try "set utm-status disable" to see if it's something to do with those "default" profiles or a connectivity issue to FortiGuard servers. Then you probably need to run flow debug (diag debug flow) to see the reason why those attempts are dropped. I think you can still find those CLI commands for v4.3 at the KB or other internet sites.

    By the way, do you actually have "0.0.0.0/0.0.0.0" configured under config firewall address you're using for dest addr? It's regularly "all" or "ALL", which is pre-configured as subnet "0.0.0.0 0.0.0.0". I don't remember well for 4.3 because it was a long time ago that we used that version.

    ede_pfau
    SuperUser
    January 11, 2018

    Employing the webfilter (WF) while not having a valid contract will block all traffic. Remove all UTM features from the policy and try again.

    We are assuming the FGT has got a valid public IP on its WAN port, handed down via the cable modem - right?
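
Added example, not part of the thread: a small Python check that parses the policy as posted and reports the two things the replies ask about, UTM profiles active on the policy and an address name that is not a defined address object. `KNOWN_ADDRESSES` is an assumption standing in for the unit's `config firewall address` entries, and the function names are made up for this example.

```python
import shlex

# Policy exactly as posted in the question (flattened onto one line).
POSTED = (
    'config firewall policy edit 2 set srcintf "wifi" set dstintf "wan1" '
    'set srcaddr "Local_Wifi" set dstaddr "0.0.0.0/0.0.0.0" set action accept '
    'set schedule "always" set service "ANY" set utm-status enable '
    'set logtraffic enable set av-profile "default" '
    'set webfilter-profile "default" set spamfilter-profile "default" '
    'set ips-sensor "default" set application-list "default" '
    'set profile-protocol-options "default" set nat enable next'
)
# Assumption: names defined under "config firewall address" on this unit.
KNOWN_ADDRESSES = {"all", "Local_Wifi"}
UTM_KEYS = ("av-profile", "webfilter-profile", "spamfilter-profile",
            "ips-sensor", "application-list")

def parse_policies(text):
    """Return {policy_id: {setting: first_value}} from 'edit N ... next' blocks."""
    tokens = shlex.split(text)
    policies, current, i = {}, None, 0
    while i < len(tokens):
        if tokens[i] == "edit" and i + 1 < len(tokens):
            current = policies.setdefault(tokens[i + 1], {})
            i += 2
        elif tokens[i] == "set" and current is not None and i + 2 < len(tokens):
            current[tokens[i + 1]] = tokens[i + 2]
            i += 3
        else:
            if tokens[i] == "next":
                current = None
            i += 1
    return policies

def review(policy, known_addresses):
    """List the settings the replies suggest checking first."""
    findings = []
    if policy.get("utm-status") == "enable":
        active = [k for k in UTM_KEYS if k in policy]
        findings.append("utm-status enable with profiles: " + ", ".join(active))
    for key in ("srcaddr", "dstaddr"):
        name = policy.get(key)
        if name is not None and name not in known_addresses:
            findings.append(f'{key} "{name}" is not a defined address object')
    return findings

if __name__ == "__main__":
    for pid, pol in parse_policies(POSTED).items():
        for finding in review(pol, KNOWN_ADDRESSES):
            print(f"policy {pid}: {finding}")
```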