I really don't get it. I wanted to try a FG30E in my office (before I had a FG60F and everything worked fine) with OS 6.0.15. Before, I did a factory reset to start from scratch.
After the configuration in my office I had internet access and everything from the 192.168.25.145.
LAN is 192.168.25.0/24 and my PC has the 192.168.25.145 (just as with the FG60F). I configured the SSL VPN to have access from outside to the 192.168.25.145 when I realized that I can establish the SSL VPN but I cannot connect via RDP. I can't PING the 145.
Also I tried directly with a VIP to get RDP access for emergencies to connect to this PC and of course it doesn't work. I double checked Interface and IP config from the PC, Policy, restarted, etc. On Device Inventory I can see the IP and the MAC.
So weird, I really don't know what else to check. Maybe a hardware problem?
Could also be some routing issue. If there is no NAT enabled on the policy to the 192.168.25.xxx subnet, the PC will receive your ping with the original source IP and it then will need to have a route back to there (or the default gw must be your FGT).
You could do some flow debug on your FortiGates to check that.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Still nothing, I am now in the office and I would like to try also with another host. Can't be the Windows firewall, first it is disabled and second it worked yesterday with the other FG.
This is what I get from the sniffer....what is eth0? Reminds me of old Juniper times ;)
FGT30E3U17022826 # diag sniff packet any "host 192.168.25.145 and icmp" 4 0 a
interfaces=[any]
filters=[host 192.168.25.145 and icmp]
2022-09-13 11:30:46.755253 lan out 192.168.25.1 -> 192.168.25.145: icmp: echo request
2022-09-13 11:30:46.755263 eth0 out 192.168.25.1 -> 192.168.25.145: icmp: echo request
2022-09-13 11:30:47.770778 lan out 192.168.25.1 -> 192.168.25.145: icmp: echo request
2022-09-13 11:30:47.770784 eth0 out 192.168.25.1 -> 192.168.25.145: icmp: echo r
Definitely a weird one. At this point it appears to be something to do with the device... considering we could see the ping packets leaving the FortiGate and the device was directly connected. Perhaps some other process besides Windows Firewall blocking?
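
Added example, not part of any post in this thread: the capture above shows only echo requests leaving the FortiGate and no replies coming back. The Python sketch below parses sniffer output in that format and lists the flows whose requests outnumber replies; the function names are hypothetical and the sample lines are constructed in the format of the posted capture.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the capture posted in the thread.
SAMPLE = """\
interfaces=[any]
filters=[host 192.168.25.145 and icmp]
2022-09-13 11:30:46.755253 lan out 192.168.25.1 -> 192.168.25.145: icmp: echo request
2022-09-13 11:30:46.755263 eth0 out 192.168.25.1 -> 192.168.25.145: icmp: echo request
2022-09-13 11:30:47.770778 lan out 192.168.25.1 -> 192.168.25.145: icmp: echo request
2022-09-13 11:30:47.770784 eth0 out 192.168.25.1 -> 192.168.25.145: icmp: echo r
"""

# date, time, interface, direction, src -> dst, ICMP echo type
LINE = re.compile(
    r"^\S+ \S+ (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+): icmp: echo (?P<kind>request|reply)$"
)

def summarize(capture):
    """Count echo requests and replies per (interface, requester, target)."""
    flows = defaultdict(lambda: {"request": 0, "reply": 0})
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skips the prompt, header lines and truncated records
        # A reply travels target -> requester; file it under its request's flow.
        if m["kind"] == "request":
            key = (m["iface"], m["src"], m["dst"])
        else:
            key = (m["iface"], m["dst"], m["src"])
        flows[key][m["kind"]] += 1
    return dict(flows)

def unanswered(capture):
    """Return flows where more requests than replies were seen."""
    return sorted(k for k, c in summarize(capture).items()
                  if c["request"] > c["reply"])

if __name__ == "__main__":
    for iface, src, dst in unanswered(SAMPLE):
        print(f"{iface}: {src} -> {dst} has echo requests without replies")
```
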