antoniocerasuolo
Explorer
February 2, 2025
Question

Routing between two subnets / unable to connect to devices (printer/NAS)

Hi,

I have two subnets:

wifi 10.8.8.0/24

internal 172.22.2.0/24 (NAS, Printer)

I have created policies to route from wifi->internal and internal->wifi. I am able to ping the NAS and Printer from the wifi network but am unable to access the actual devices. In the policies, in the source and destination I used the actual subnets and not the usual "all"; is this correct? I had also tried with "all" but it didn't seem to work either, so the issue must be something else...

I am able to access the FortiGate admin on the internal from the wifi subnet but that seems to be about all I am able to do.

Any idea how to get the visibility of the devices?

Ciao,

Antonio

4 replies

AEK
SuperUser
February 2, 2025

Ciao Antonio

If you are able to ping but not able to access the services (NFS/CIFS & print service), then it seems you allowed Ping/ICMP but probably didn't allow the required services.

Try checking which port numbers are used by your services, then add them to the "Service" field in your firewall rule.

AEK
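
The check suggested in the reply above, as an added example that is not part of the original thread: a small Python probe, run from a client on the wifi subnet, that shows which TCP service ports on the NAS and printer actually answer. The port list is the set of well-known defaults for the service types named in the thread and the device addresses are constructed; both are assumptions, not values from the poster's network.

```python
import errno
import socket

# Well-known default TCP ports for the service types named in the thread.
# Assumption: the NAS and printer discussed here may listen elsewhere.
SERVICE_PORTS = {
    "SMB/CIFS": 445,
    "NetBIOS session": 139,
    "NFS": 2049,
    "rpcbind": 111,
    "IPP": 631,
    "LPD": 515,
    "raw print": 9100,
}


def probe(host, port, timeout=2.0):
    """Classify one TCP connection attempt to host:port.

    open     - handshake completed: policy and device both accept it
    refused  - RST received: the path works, but the port is closed or rejected
    filtered - timeout or unreachable: dropped by a policy, a device-side
               access list, or a missing return route
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        code = sock.connect_ex((host, port))
    if code == 0:
        return "open"
    if code == errno.ECONNREFUSED:
        return "refused"
    return "filtered"


def survey(hosts, ports=SERVICE_PORTS, timeout=2.0):
    """Return {device: {service: state}} for every device/port pair."""
    return {
        name: {svc: probe(ip, port, timeout) for svc, port in ports.items()}
        for name, ip in hosts.items()
    }


if __name__ == "__main__":
    # Constructed addresses inside the thread's internal subnet 172.22.2.0/24.
    devices = {"NAS": "172.22.2.10", "Printer": "172.22.2.20"}
    for name, states in survey(devices).items():
        for svc, state in states.items():
            print(f"{name:8} {svc:16} tcp/{SERVICE_PORTS[svc]:<5} {state}")
```

Running the same probe from a host inside 172.22.2.0/24 gives the baseline: ports that are open there but filtered from the wifi side are the ones to look at in the policy's Service field or in the device's own access restrictions.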
kwcheng__FTNT
Staff
February 3, 2025

Since you are able to reach the FortiGate GUI interface and no other device within this subnet, why not SNAT your source IP to the FortiGate IP (the one in the same subnet as the other devices) and check your connection again? This method basically narrows down the problem to determine whether this is an L3 or L2 related issue.

dingjerry_FTNT
Staff
February 3, 2025

Hi @antoniocerasuolo,

Your description is not clear.

1) "I am able to ping the NAS and Printer from the wifi network but am unable to access the actual devices."

This means the firewall policy is working, at least for ICMP/Ping.

To access the actual devices, what service do you need? In other words, what port do you need to access?

And you need to share all settings of the firewall policy, including source/destination addresses; if you applied a specific Service object, share it.

2) "I am able to access the fortigate admin on the internal from the wifi subnet but that seems to be about all i am able to do.."

I totally don't understand what you are talking about with this statement.

dingjerry_FTNT
Staff
February 3, 2025

@antoniocerasuolo, I forgot to ask you:

I assume that you refer to the NAS and Printer as the actual devices. Do they know how to reply to the 10.8.8.0/24 subnet?

antoniocerasuolo
Explorer
February 3, 2025

In the wifi->internal & internal->wifi policies I created the service with the IP address and the presumed ports for the devices I got from looking at the internal logs, but it still doesn't work.

antoniocerasuolo
Explorer
February 3, 2025

At this stage I agree with you, this is not a FortiGate issue!

dingjerry_FTNT
Staff
February 3, 2025

If you have only those 3 firewall policies, this may not be a FortiGate issue.

If you have other firewall policies, please try to disable all of them, just leave policy #29 for testing.