
sdiomande
New Contributor

FortiSandBox VM Gateway Configuration Issue

Hello team,
Please, I will once again solicit your help.
I am trying to configure the default gateway on a FortiSandBox VM and I get this error message: "gateway may not be set to port3."
Port3 has the address 192.168.140.2/24 and the default gateway is 192.168.140.1. This network is a new VLAN created especially for the communication of the FSA with the Internet. I cannot even ping the bridge from the FSA. When I put the address of port 3 (i.e. 192.168.140.2/24) on port4 and do the ping, everything works well. Port 3 and Port 4 of the FSA are connected to the same switch with the same configurations on the ports of the switch.

The FSA firmware version is 2.4.1.



Does somebody have an idea?

Thank you in advance.


jwhite_FTNT
Staff

Port3 is dedicated for the VMs to access the internet, so you cannot create a system default route out that interface. You can route the system default route out any of the other interfaces. Navigate to the General settings to set the port3 default route. http://help.fortinet.com/fsandbox/olh/2-4-1/index.htm#FortiSandbox-241-Admin/800_Scan%20Policy/801_General.htm?Highlight=general

sdiomande

Hi Jim,

Thank you for your feedback.

I have already used this method but it does not work for me. Also, I used this command "set default-gw 192.168.140.1" in the CLI. This will add a default route to the routing table of the FSA and the outgoing port will be port 3. But it is this command that returns an error.

jwhite_FTNT

For clarification, there are two default routes that can be set up for each FortiSandbox appliance.

1) FortiSandbox's system default route, which is used for security updates from FortiGuard and other routing needs. The system default route can be configured on any interface except Port3.

2) Port3 gateway setting is dedicated to VMs ONLY. Port3 is used exclusively by the VMs when performing behavioral analysis.

In summary: the Port3 default gateway cannot be used by the system or vice versa. Port3 is only used by VMs for their routing access to the internet, and the Port3 gateway is only configured under the general settings.

To test network configuration, please log into the CLI and execute the command "test-network". The output of this command will indicate if routing and firewall policies are allowing the required sandbox features to properly operate.

sdiomande

OK, thanks.

Let me do that.