Fortinet Forum
hhernandez
New Contributor

Connection problem to the public IP from the local network

I need help with the following problem.

 

I am on my local network. I ping the wan1 interface (public IP) and it does not respond. I ping the gateway and it responds. I ping the wan1 interface (public IP) from the CLI and it responds. I have an Internet connection. I can connect to the firewall from the outside with the public IP, but not from the inside. I need to validate port redirects from inside the network. Currently I have to do it from my home.

 

Can anybody help me?

 

  ----------------------------------

 

I need help with the following problem.

 

I am on my local network. I ping the Wan1 network interface (public IP) and it does not respond. I ping the gateway and it responds. I ping the Wan1 network interface (public IP) from the CLI and it responds. I have an internet connection. I can connect to the firewall from outside using the public IP, but not from inside. I need to validate port forwarding from inside the network. Currently I have to do this from my home.

 

Can someone help me?

 

 

2 REPLIES
gschmitt
Valued Contributor

Okay, let me try to ... guess... what your problem is.

 

hhernandez wrote:

I am on my local network. I ping the wan1 interface (public IP) and it does not respond. I ping the gateway and it responds. I ping the wan1 interface (public IP) from the CLI and it responds. I have an Internet connection. I can connect to the firewall from the outside with the public IP, but not from the inside.

 

Go to System > Network > Interface

In the Access column is "ping" listed for both internal and wan1? Ping should be enabled on all interfaces that are in use. Blocking ICMP breaks the internet.

 

I need to validate port redirects from inside the network. Currently I have to do it from my home.

 

You want to forward certain ports to machines within your internal network, correct?

 

Go to Policy & Objects > Objects > Virtual IPs

Create New

Enter a name (server1_http as an example)

Set Interface to wan1

As External IP Address/Range enter your wan1 external IP address (as an example 77.66.55.44)

As Mapped IP Address/Range enter the internal IP of your server/device/service you want to access (as an example 172.16.1.55)

Check Port Forwarding (important, or all traffic will go to the device)

Select the protocol (TCP in our case)

Set the port to 80 (for http)

 

Repeat that for all ports you need.

 

Go to Policy & Objects > Policy > IPv4

Create New

Incoming Interface: wan1

Source Address: all

Outgoing Interface: internal

Destination address: the objects created above (here server1_http)

Service: http (or all services you want)

Action: Accept

 

Depending on your server you may need to enable NAT, but keep it off if possible.

 

Select Security Profiles as needed and hit OK.

ede_pfau
Esteemed Contributor III

Hi,

 

It does not matter whether ping is allowed on the 'internal' interface. Only the 'wan1' IF is affected.

Please check these 2 points:

1. Does the outgoing policy from 'internal' to 'wan1' allow PING? It might be a restricted set of services, not including ICMP/ping.

2. Do you use 'Trusted Hosts' in System > Admin > Administrators?

 

You posted that ping from the CLI does work - from which CLI? The FortiGate's or a command line on your host PC?


Ede

"Kernel panic: Aiee, killing interrupt handler!"