Matie
New Contributor

What is missing - Routing, NAT or Policy

Hello, I am a beginner in FortiGate and I would like to know what I should do to get this working. I have port 1 configured as a management port. It's DHCP and the address is 192.168.76.130. The client is configured as a DHCP client and its address is in that network, 192.168.76.0/24 (before .129, now actually .135). On the FortiGate I have configured a DHCP server on port 8. The current IP address is 192.168.21.1/24. And the DHCP client has 192.168.21.100/24. Please check the pictures. What should I configure if I want to ping from one site to the other end? From 192.168.76.135 to 192.168.21.100. I don't know whether I have to set a default route, or NAT that, or configure some kind of policy. Can you help? Take the management port as the internet and the DHCP client as a private network. I hope it's clear. Thank you.

[Attachments: Connection.jpg, Ping from DHCP Client.jpg, Ping.jpg, Ports Configuration.jpg]

 

Matie
New Contributor

Hi Zhuo, do you know why I can ping one way but not the other way?

sw2090
Honored Contributor

You don't need NAT here since your FortiGate is the gateway on both "endpoints" and the FGT does have an interface in both subnets. NAT might even be counterproductive here.

Try to disable it. The rest of your policies look good so far.

 

Basically all you need is a policy to allow traffic from port1 to port8. Then you can ping from port1 subnet to port8 subnet.

If you want to ping from the port8 subnet to the port1 subnet, you need the reverse policy to the above one too.

Only if on the endpoints the FortiGate is NOT your default gateway you would need a static route to the "opposite" subnet on each endpoint that has the FGT as gateway.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

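The two policies described in the reply above, written out as FortiOS CLI. This is an added example, not part of any post in the thread: the address-object and policy names are hypothetical, and limiting the policies to the two subnets and the predefined PING service is an assumption that keeps the rule no wider than the test needs.

```fortios
# Address objects for the two subnets named in the thread.
# Object names are hypothetical.
config firewall address
    edit "net-port1-76"
        set subnet 192.168.76.0 255.255.255.0
    next
    edit "net-port8-21"
        set subnet 192.168.21.0 255.255.255.0
    next
end

# Policy A: port1 subnet to port8 subnet, NAT off.
# Policy B: the reverse direction, also NAT off.
# "edit 0" takes the next free policy ID.
config firewall policy
    edit 0
        set name "p1-to-p8-ping"
        set srcintf "port1"
        set dstintf "port8"
        set srcaddr "net-port1-76"
        set dstaddr "net-port8-21"
        set action accept
        set schedule "always"
        set service "PING"
        set nat disable
        set logtraffic all
    next
    edit 0
        set name "p8-to-p1-ping"
        set srcintf "port8"
        set dstintf "port1"
        set srcaddr "net-port8-21"
        set dstaddr "net-port1-76"
        set action accept
        set schedule "always"
        set service "PING"
        set nat disable
        set logtraffic all
    next
end

# Checks: both subnets should appear as connected routes, and the
# sniffer shows whether echo requests and replies cross both ports.
get router info routing-table all
diagnose sniffer packet any 'icmp and host 192.168.21.100' 4
```

If the sniffer shows the request leaving one port and no reply returning, the next things to check are the host firewall on the target and whether that endpoint uses the FortiGate as its gateway for the opposite subnet.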
Matie
New Contributor

Thank you. But I am worried that I don't know how to do that. What do you mean by reverse policy? I have policies 1 to 8 and 8 to 1, so 1 to 8 is the reverse of 8 to 1 and vice versa. Am I wrong?

I have tried to do a static route but it doesn't work, because I don't know what should be a def gateway in this direction. I have one static route but it is created automatically. I didn't create that. I don't know how it came with that default gateway. Maybe it is caused by DHCP. If I have to create a static route, what will be the default gateway from 1 to 8?

[Attachments: Routing.png, Interfaces.png, Static route.png]
