Strange routing issue

Forum|Forum|2 years ago
June 19, 2023
1 reply
1047 views

Hello,
I am having a problem with clients on several networks on my Fortigates.

Affected clients cannot access anything past the inter-VDOM link, so can ping their own gateway but a traceroute stops at the inter-VDOM link IP. Other devices in the same subnet, under the same rules will work fine, I'll try giving it the next IP address, sometimes it will then start working, other times I have to try again to find one which does.
3 hours ago I rebooted the Primary firewall in our Active-Active cluster and that made some of the working ones start to fail and some failed ones started working again.

Any ideas of more troubleshooting I could do? At first I thought it could be a rogue DHCP server but there is no evidence of that in Wireshark traces and I have the same issues when statically assigning addresses.

Thanks!

FortiGate

andershAuthor

Visitor III

Sorry, worked this out.

Turns out there was an SD-WAN interface which was up, even though there was no WAN connection on the end, only the connection from the Fortigate to the switch was configured, traffic must have been routed to this. I deleted it and all ok now.

I assumed the connection to the Internet would be monitored rather than the connection to VLAN if the router isn't directly connected.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded