wraithhunter
January 20, 2022
Question

Subnets



Have 2 subnets I am trying to have communication between. I have set up firewall policies and policy routes to allow communication. I am seeing the communication being denied by the local-in policy, not sure why. Here is some log information below. Any idea why this communication is not working? Destination interface should be wifi on interface 2 and source is internal on interface 1. One other note: I also have a Palo Alto behind the FortiGate.


FortiGate 60F version 7.0.2



AlexC-FTNT
Staff
March 17, 2022

Local-in policies control the traffic to the IPs defined on the FortiGate, not the traffic that passes through (from one interface to another). You may also see that if trusted hosts are defined for accessing the firewall.
According to your description, you should have an IPv4 policy (not local-in) to allow the traffic from internal (interface1) to wifi (interface2). If internal has IP 10.0.0.1/24 and wifi has the IP 10.0.1.1/24, you would get the traffic denied by the local-in policy if you try to connect from 10.0.0.7 (a PC on internal interface) to 10.0.1.1 (the IP of the Wifi interface) or even to 10.0.0.1 (if this access is not allowed).


Otherwise, for a traffic problem, you can use this guide:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connectivity/ta-p/192560
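The distinction in the reply above, shown as a FortiOS CLI configuration, is an added example and not part of the original thread or Fortinet's documentation. It assumes the interface names `internal` and `wifi` and the subnets 10.0.0.0/24 and 10.0.1.0/24 used in the reply; the address object name, policy IDs and policy names are constructed for illustration. The first block is the forward (IPv4) policy that governs traffic passing between the two interfaces; the second is a local-in policy, which only applies to traffic whose destination is an IP owned by the FortiGate itself (for example an admin session to 10.0.0.1); the third is the trusted-host setting that can also cause a deny on management traffic.

```fortios
# Address object for the internal LAN (constructed name)
config firewall address
    edit "internal-lan"
        set subnet 10.0.0.0 255.255.255.0
    next
end

# Forward policy: this is what allows a PC on internal (10.0.0.7) to reach
# hosts on the wifi subnet (10.0.1.x). Local-in policies never see this traffic.
config firewall policy
    edit 10
        set name "internal-to-wifi"
        set srcintf "internal"
        set dstintf "wifi"
        set srcaddr "internal-lan"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# Local-in policy: only matters when the destination is the FortiGate's own
# interface IP (10.0.0.1 or 10.0.1.1). Here management access from the LAN
# is restricted to HTTPS and SSH; anything else to the unit is dropped.
config firewall local-in-policy
    edit 1
        set intf "internal"
        set srcaddr "internal-lan"
        set dstaddr "all"
        set action accept
        set service "HTTPS" "SSH"
        set schedule "always"
    next
end

# Trusted hosts: an admin account limited to the internal subnet will also
# produce a deny when the firewall's IP is reached from elsewhere.
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
end
```

To confirm which path a flow takes, run `diagnose debug flow filter addr 10.0.1.5` (replace with the real wifi-side host), then `diagnose debug flow trace start 10` and `diagnose debug enable` while generating the traffic; a hit on the forward policy above names policy ID 10, whereas a drop at the local-in stage shows the packet being checked against the unit's own interface IP instead of being forwarded. Disable debugging afterwards with `diagnose debug disable`.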