Fortinet Forum
Phil_M
New Contributor

Fortigate 30D and BT Infinity

Hi

It's my first post so go easy on me!!

I have a user who has a BT Infinity connection (i.e. BT Openreach Modem ----> BT Home Hub3)

I am trying to replace the BT Home Hub with a Fortigate 30D, but once installed I have no internet access from any device on the LAN side.

Went through the Wizard and the fortinet appears to connect to the modem fine and get relevant WAN IPs (I have all green ticks for the relevant subscriptions) and the WAN interface reports as connected. All the internal devices have the LAN IP of the fortinet as their gateway, but do not appear to be able to get beyond it. They can ping the fortinet but nothing beyond it WAN side. The routing table also looks fine, as do the firewall policies.

Has anyone else had issues similar to this?

Phil

8 REPLIES
patrick_z
New Contributor III

Hi Phil,

can the fortigate ping ie. 8.8.8.8?

can it ping ie. www.google.com?

If both are possible then there might be something wrong with your policies ...

Just a quick thought where to start ;)

Cheers, Patrick

ashukla_FTNT
Staff

Sounds like nat missing in policy.

pkley
New Contributor

NEVER use the wizard. It breaks things...

Do a factory reset and start over.

Phil_M
New Contributor

Hi Patrick et al

Thanks for the replies...

I cannot ping anything at all WAN side of the fortinet, FQDN or IP address.

I have a lan to wan policy that is set to allow ALL traffic and can confirm that NAT is on.

A Google search suggested that BT use a VLAN ID of 101 and that creating a vlan interface and attaching it to the WAN interface may resolve the issue... I will try this tomorrow.

Phil

emnoc
Esteemed Contributor III

I don't think that's the issue; we ran into similar issues with BT and we had to wait until the mac_address cache was expired. But you can double check for vlan-id tagging by doing a diag sniffer packet <wan> "vlan" 4 on the interface attached to the BT network after you crafted the vlan-subinterface.

e.g.

HQFGT110C # diag sniffer packet wan2  "vlan"
interfaces=[wan2]
filters=[vlan]
77.413266 802.1Q vlan#11 P0
78.413242 802.1Q vlan#11 P0
79.413247 802.1Q vlan#11 P0
81.413251 802.1Q vlan#11 P0
82.413243 802.1Q vlan#11 P0
83.413247 802.1Q vlan#11 P0

PCNSE 

NSE 

StrongSwan  

Phil_M
New Contributor

Thanks Emnoc, will try the diag sniffer.

How long did you have to wait for the mac address cache to expire? I am assuming that it won't expire if the existing BT HUB is still connected?

Phil

pkley
New Contributor

Do you have a cable modem you're plugging into? They have their own MAC cache and you have to power them down for at least a minute in order to clear that so it'll talk to the Fortinet. IF you're using static IP that is, and maybe dynamic, depending.

emnoc
Esteemed Contributor III

Yeah that's what we did, just power cycle the bt-hub and then you should be good. FWIW, what we did previously was to clone the original mac_ether-address on the fortigate wan interface when we were going back and forth between 2 devices.
