Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Satyam
New Contributor

Internet not working

Hi Guys,
So we were using a router with two VLAN 10 and 20, connected to two different APs and everything was working fine.

Today we purchased a firewall and we placed it before the router (refer to the image). I created two static routes 192.168.110.0 with Gateway 192.168.100.2 and 192.168.120.0 with the same Gateway. Still, we are not able to access the internet.

Any idea what I am doing wrong? Any other way to configure this whole setup?

 

Firewall.png

 

 

2 REPLIES 2
akristof
Staff
Staff

Hello,

 

Thank you for your question. Setup looks easy, so FortiGate should have 3 routes in the routing. 2 routes for your internal subnets and then default route to reach internet. And then you need to have correct firewall policy to allow traffic from your internal interface to your external interface with NAT enabled. You can check this guide to do some debugs to see if something is blocking it:

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

Adrian
ede_pfau
Esteemed Contributor III

To add, the old router needs an additional default route to 192.168.100.1. All of your hosts, including the APs, can then have either 192.168.100.2 (old setting) or .1 (correct setting) as their gateway. NAT on the old router should be removed.

 

If you get the routing correct (ping from router/firewall, this is not using policies), then you need policies on the FGT to allow the traffic.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors