Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

sdiomande
New Contributor

FortiSandBox VM Gateway Configuration Issue

Hello team,
Please, I will once again solicit your help.
I try to configure the default gateway on a FortiSandBox VM and I get this error message  "gateway may not be set to port3."
The port3 has the address 192.168.140.2/24 and the default gatway is 192.168.140.1. This network is a new VLAN created especially for the communication of the FSA with Internet. I can not even ping the bridge from the FSA. When I put the address of port 3 (ie 192.168.140.2/24) on port4 and that I do the ping, everything works well. Port 3 and Port 4 of the FSA are connected to the same Switch with the same configurations on the ports of the Switch.

The FSA firmeware version is 2.4.1



Does somebody have an idea.

thank you in advance.

1 Solution
jwhite_FTNT

For clarification, there are two default routes that can be setup for each FortiSandbox appliance. 

1) FortiSandbox's system default route, which is used for security updates from FortiGuard and other routing needs.  The system default route can be configured on any interface except Port3

2) Port3 gateway setting is dedicated to VMs ONLY.  Port3 is used exclusively use by the VMs when performing behavioral analysis. 

In Summary: Port3 default gateway can not be used by the system or visa versa.  Port3 is only used by VMs for their routing access to the internet and the Port3 gateway is only configure under the general settings.

To test network configuration, please log into the CLI and execute the command "test-network".  The output of this command will indicated if routing and firewall policies are allowing the required sandbox features to properly operate.

View solution in original post

4 REPLIES 4
jwhite_FTNT
Staff
Staff

Port3 is dedicated for the VMs to access the internet, so you can not create a system default route out that interface.  You can route the system default route out any of the other interfaces.  Navigate to the General settings to set the port3 default route.  http://help.fortinet.com/fsandbox/olh/2-4-1/index.htm#FortiSandbox-241-Admin/800_Scan%20Policy/801_General.htm?Highlight=general

sdiomande

hi Jim,

Thank you for your feedback.

I have already used this method but it does not work for me. Also, i used this command set default-gw 192.168.140.1 in CLI.This will add and default route to the routing table of th FSA and the outgoing port will be the port 3. But it is this command that returns an error.

jwhite_FTNT

For clarification, there are two default routes that can be setup for each FortiSandbox appliance. 

1) FortiSandbox's system default route, which is used for security updates from FortiGuard and other routing needs.  The system default route can be configured on any interface except Port3

2) Port3 gateway setting is dedicated to VMs ONLY.  Port3 is used exclusively use by the VMs when performing behavioral analysis. 

In Summary: Port3 default gateway can not be used by the system or visa versa.  Port3 is only used by VMs for their routing access to the internet and the Port3 gateway is only configure under the general settings.

To test network configuration, please log into the CLI and execute the command "test-network".  The output of this command will indicated if routing and firewall policies are allowing the required sandbox features to properly operate.

sdiomande

Ok thank's.

Let do that.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the ā€œNominate to Knowledge Baseā€ button to recommend a forum post to become a knowledge article.