Help
Fortinet for SAP Discussions
Tanefo
New Contributor

Created on ‎04-26-2024 11:18 PM

How to configure to send packet or ping to cloud1 or to port1 on the FortiGate from Cisco router?

Hi dear friends,

I already made my configuration ( I created the firewall policy on port1 and port4 on FortiGate and also created a static route protocol) to connect my cisco router to fortigate , I also configured the static route protocol on the cisco router and FortiGate but it  doesn't work. The both interface port4(FortiGate) and e0/0(Router) can ping each other but cannot ping any other port on the FortiGate.  I'm trying to connect or ping port1 or Cloud1 from Cisco router.

How to configure or process ?

see below the image. 

thank you in advance for your help

 

Capture.PNG

Labels:
774
0 Kudos
2 REPLIES 2
funkylicious
SuperUser
SuperUser

Created on ‎04-26-2024 11:59 PM Edited on ‎04-27-2024 12:00 AM

Hi,

First of all, you would need a firewall policy with src intf port4 and dst intf port1, and you can use src/dst address any and services all .

this is the first step, the 2nd for you to ping cloud1 eth0 would be to also have a route back to the network of the initiator(s) of traffic on cloud1 and fortigate, assuming the src is 10.10.10.0/30 on fgt that would not be required, but for others yes.

also, make sure you enable ping as administrative access on fgt ports. 
in order to same time, you can also create a default allow any rule with src/dst intf any

"jack of all trades, master of none"
"jack of all trades, master of none"
763
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎05-08-2024 02:55 PM

Without going into too much detail, try to see the FGT as a router first, and then add policies because it is a firewall in addition.

Your ultimate goal probably is to connect the PCs to the cloud service. So, for routing to happen, each hop needs to know where to send the packets for each destination (or destination network).

 

The Cisco router needs to have routes to

10.10.3.0 (the PCs)

10.10.2.0 (transfer net Cisco-FGT)

192.168.204.0 (gateway to cloud)

192.168.10.0

192.168.14.0

x.y.z.0 (the cloud network, not shown in your diagram)

 

The FGT needs fewer static routes as networks assigned to interfaces will automatically be added as routes.

The other routes needed on FGT:

10.10.3.0

x.y.z.0 (the cloud network)

 

If you have configured these, you've got routing. Now add policies (only on the FGT) between interfaces which should be able to talk to each other.

If you are new to FortiOS, test the setup by pinging from the PCs/webterm, not from the FGT. Allow "ping" on each and every connected interface, always.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
677
0 Kudos
Announcements

Welcome to your new Fortinet for SAP Community!

You'll find your previous forum posts under 'Fortinet Forum'

Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.