Created on 12-23-2021 05:06 AM Edited on 12-23-2021 05:11 AM
I would like to access a local address in another local network, but still no news.
On a FortiGate 80F (FortiOS v7.0.2) I set what you can see below:
config firewall address
    edit "LAN-CUP-10.2.x.x/24"
        set uuid e1e4a43a-4234-51ec-1d33-78ef82b1ea54
        set subnet 10.2.x.x 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "Any to CUP"
        set uuid cc69133e-6340-51ec-a051-06a9cb3d812b
        set srcintf "any"
        set dstintf "any"
        set action accept
        set srcaddr "all"
        set dstaddr "CUP-Portal" "LAN-CUP-10.2.x.x/24" "Portal"
        set schedule "always"
        set service "ALL"
        set ssl-ssh-profile "Test for Portal CUP"
        set logtraffic all
    next
end
There is also a static route for the destination network.
Inside the firewall I can ping 10.2.x.x/24, but from the source network (192.168.10.x) I cannot ping 10.2.x.x/24.
Do you have any ideas?
Thank you so much
Created on 12-23-2021 05:44 AM Edited on 12-23-2021 05:46 AM
Have you checked whether you see the ICMP packets in the firewall? You can check this with diagnose sniffer packet any 'icmp and host 10.2.x.x' 4
If you see the ICMP packets, you can check the flow diagnostic to see why the packet is blocked.
Yes, I have also tried this, and when I ping the destination everything goes well, but I cannot open the page on the local machine.
Can you post the diag sniffer output? Because in your post I see that the source network (192.168.10.x) cannot ping 10.2.x.x/24... did you change the configuration for that?
You can send the result of diag sniffer packet any 'host x.x.x.x and port 443' 4 if your portal is on HTTPS with the standard port.
For your information:
FortiGate-80F # execute ping 10.2.0.6
PING 10.2.0.6 (10.2.0.6): 56 data bytes
64 bytes from 10.2.0.6: icmp_seq=0 ttl=126 time=0.3 ms
64 bytes from 10.2.0.6: icmp_seq=1 ttl=126 time=0.2 ms
64 bytes from 10.2.0.6: icmp_seq=2 ttl=126 time=0.2 ms
64 bytes from 10.2.0.6: icmp_seq=3 ttl=126 time=0.2 ms
64 bytes from 10.2.0.6: icmp_seq=4 ttl=126 time=0.2 ms
--- 10.2.0.6 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.3 ms
After running the command you told me, I got no answer:
FortiGate-80F # diagnose debug flow filter daddr 10.2.0.6
Yes, for this one, but you wrote that ping is KO from the source network to the CUP-PORTAL host. It's for this test that I would look at the result of diagnose sniffer packet.
I know what you mean, but after running "diagnose debug flow filter daddr 10.2.0.6" there is no result at all on the firewall.
Yes, I understand that, but I cannot see the Fortinet diagnose packet output. You can also check the DNS resolution from the local machine.
The client claims that 10 days ago he could access this portal without any issue. During this interval I did not change anything on the FW. I am tired of this issue. :(
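The debug-flow command shown in the thread only sets a filter, which prints nothing until the trace itself is enabled and started. As an added example (not from any post above), this is the complete FortiOS 7.0 sequence for the portal host 10.2.0.6 from the thread; the HTTPS port 443, the trace count and the sniffer packet limit are assumptions.

```fortios
# Added example, not from the thread. Clear any previous debug state first.
diagnose debug reset
diagnose debug flow filter clear
# Match only traffic to the portal host on the assumed HTTPS port.
diagnose debug flow filter daddr 10.2.0.6
diagnose debug flow filter port 443
# Print the kernel function names and timestamps with each trace line.
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
# The filter alone prints nothing: debug output must be enabled and
# the trace started (here for 20 packets, an assumed count).
diagnose debug enable
diagnose debug flow trace start 20
# Now open the portal from a 192.168.10.x client. Each packet prints
# the route lookup, the matched policy id, or a "Denied by forward
# policy check" line that names the reason.
# When done, stop the trace and leave no debug running on the unit.
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset
# Companion sniffer: ICMP and HTTPS to the host, verbose 4 shows the
# ingress/egress interface, 0 = no packet limit, l = local timestamps.
diagnose sniffer packet any 'host 10.2.0.6 and (icmp or port 443)' 4 0 l
```

If the sniffer shows the client's SYN arriving on the LAN interface but no packet leaving toward 10.2.0.6, the flow trace will name the policy or route that dropped it; if nothing arrives at all, the client is not sending that traffic through this FortiGate (gateway, DNS or an intermediate device).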