| Description |
This article describes a behavior where users configure an Active-Passive cluster of VMs in an Oracle environment, but the internal Oracle networks stop answering traffic after a failover. |
| Scope | FortiGate cluster in Oracle. |
| Solution |
Users may encounter the following scenario:
The red LAN on premises (192.168.0.x) can communicate without issues with the internal LAN in Oracle through the VPN while the Active VM is in use.
However, after a failover, traffic directed to the internal Oracle segment stops working.
In the sniffer, the FortiGate VM receives the traffic, then allows and forwards it using the correct interface:
2025-10-30 01:13:02.026588 VPN_Inter in 192.168.0.X.54844 -> 10.0.0.20.9443: syn 211796114
FortiGate applies an SNAT using the IP of port_LAN and allows the traffic. However, there is no answer.
Solution:
On the Passive VM in Oracle, check the internal interface and confirm whether the option 'Skip source/destination check' is disabled.
See the Oracle documentation on VNICs for more information.
If it is disabled, the Oracle internal VM interface will block the traffic because FortiGate is applying NAT. Enable the 'Skip source/destination check' option to solve the issue. |
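The check above can be run against both cluster members before a failover happens. The following is an added example, not part of the original article or Fortinet tooling: it parses the JSON printed by `oci network vnic get --vnic-id <ocid>` for each member's internal VNIC and reports any member that still enforces the source/destination check. The member names, OCIDs and private IPs are constructed placeholders.

```python
import json

# Constructed sample data (not from the article): the JSON shape printed by
# `oci network vnic get --vnic-id <ocid>` for each member's internal VNIC.
# Member names, OCIDs and private IPs are placeholders.
SAMPLE_VNICS = {
    "FGT-Active": """{"data": {"id": "ocid1.vnic.oc1..EXAMPLE-ACTIVE",
        "display-name": "port_LAN", "private-ip": "10.0.0.11",
        "skip-source-dest-check": true}}""",
    "FGT-Passive": """{"data": {"id": "ocid1.vnic.oc1..EXAMPLE-PASSIVE",
        "display-name": "port_LAN", "private-ip": "10.0.0.12",
        "skip-source-dest-check": false}}""",
}


def audit_cluster_vnics(vnic_json_by_member):
    """Return a finding for every member whose VNIC still enforces the check."""
    findings = []
    for member, raw in vnic_json_by_member.items():
        vnic = json.loads(raw)["data"]
        # Only an explicit true skips the check; a missing key or false means
        # OCI drops packets whose source/destination is not the VNIC itself.
        if vnic.get("skip-source-dest-check") is True:
            continue
        findings.append({
            "member": member,
            "vnic_id": vnic["id"],
            "private_ip": vnic.get("private-ip"),
            "fix": "oci network vnic update --vnic-id {} "
                   "--skip-source-dest-check true".format(vnic["id"]),
        })
    return findings


if __name__ == "__main__":
    results = audit_cluster_vnics(SAMPLE_VNICS)
    for f in results:
        print("{member}: source/destination check enforced on {vnic_id} "
              "({private_ip})\n  fix: {fix}".format(**f))
    if not results:
        print("All cluster members skip the source/destination check.")
```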
Copyright 2025 Fortinet, Inc. All Rights Reserved.