ksibhai
New Member
May 31, 2022
Question

INTER-BRANCH CONNECTIVITY


Dear All,

Please note that we have a firewall in our office and two branches at different locations. It was connecting through an internal IP route without a firewall, but since we installed the FortiGate 60E firewall, communication between the branches is not working.

The following is the setup.

The firewall's connected interface with public IP on WAN1: 10.10.100.100/255.255.255.248

port 0 internal 192.168.10.1/24

Branch 1: 192.168.101.1/24

Branch 2: 192.168.102.1/24

I have configured the static route between branches as follows: 192.168.12.1/24 WAN1 gateway 10.10.100.1

I am not able to ping any of the branch subnets.

Can anyone help?

1 reply

Debbie_FTNT
Staff & Editor
May 31, 2022

Hey ksibhai,

where does the 192.168.12.1/24 subnet come from? That is not the local subnet of your HQ (192.168.10.1/24) nor your branches (192.168.101.1/24 and 192.168.102.1/24).

As for the routing:

-> on the HQ you need a route to 192.168.101.0/24 and 192.168.102.0/24 via its gateway (10.10.100.100?)

-> on the branch offices, you need routes to 192.168.10.0/24 via their gateways

-> with that routing in place (and provided your network can route the requests) your FortiGates should be able to ping each other
-> for the 192.168.x.x subnets to ping each other, you would also need policies on each FortiGate in both directions, to allow inbound and outbound traffic

ksibhai
Author
New Member
May 31, 2022

Hi Debbie,

Thanks for the response.

The branches have the following subnets: 192.168.101.1/24 and 192.168.102.1/24.

The HO internal subnet is 192.168.10.1/24.

The FortiGate is connected to WAN2 with public IP 10.10.100.100.

The router gateway is 10.10.100.1.

I have created two static routes in the FortiGate for the branches, as specified below:

192.168.101.0/24 with WAN2 interface and assigned gateway 10.10.100.1

192.168.102.0/24 with WAN2 interface and assigned gateway 10.10.100.1

Both of the above branches have NAT enabled, so we can communicate with the HO internal subnet 192.168.10.0/24 from the branches and vice versa without the firewall, but with the firewall we are unable to communicate.

NOTE: The firewall will communicate directly with the branch router only.

Hence, I would seek your assistance in configuring the same. If possible, can you please post the firewall configuration?

Thank you so much

ksibhai
Author
New Member
May 31, 2022

One more thing I forgot to add here is that the HO internal subnet is 192.168.10.0/24.
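
Added example, not posted by anyone in this thread and not Fortinet's own configuration: the HQ-side static routes and the two-direction policies described in the staff reply above, written as FortiOS CLI. It assumes the WAN2 interface and gateway 10.10.100.1 given in the follow-up post; the interface names "internal" and "wan2", the address object names and the policy names are hypothetical.

```fortios
# Added example for the HQ FortiGate; interface, object and policy names are assumed.
config router static
    edit 0
        set dst 192.168.101.0 255.255.255.0
        set gateway 10.10.100.1
        set device "wan2"
    next
    edit 0
        set dst 192.168.102.0 255.255.255.0
        set gateway 10.10.100.1
        set device "wan2"
    next
end
config firewall address
    edit "HQ_LAN"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "BRANCH1_LAN"
        set subnet 192.168.101.0 255.255.255.0
    next
    edit "BRANCH2_LAN"
        set subnet 192.168.102.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "HQ-to-branches"
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "HQ_LAN"
        set dstaddr "BRANCH1_LAN" "BRANCH2_LAN"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 0
        set name "branches-to-HQ"
        set srcintf "wan2"
        set dstintf "internal"
        set srcaddr "BRANCH1_LAN" "BRANCH2_LAN"
        set dstaddr "HQ_LAN"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

Scoping the policies to the three named subnets keeps the WAN-facing rule from admitting other sources; `set service "ALL"` can be narrowed to the services the branches actually use once connectivity is confirmed. `get router info routing-table all` shows whether both branch routes were installed.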