Hi dear friends,
I already made my configuration (I created the firewall policy on port1 and port4 on FortiGate and also created a static route) to connect my Cisco router to FortiGate. I also configured the static route on the Cisco router and FortiGate, but it doesn't work. Both interfaces, port4 (FortiGate) and e0/0 (Router), can ping each other but cannot ping any other port on the FortiGate. I'm trying to connect to or ping port1 or Cloud1 from the Cisco router.
How should I configure this or proceed?
See the image below.
Thank you in advance for your help.
Hi,
First of all, you would need a firewall policy with src intf port4 and dst intf port1, and you can use src/dst address any and services all.
This is the first step. The second, for you to ping cloud1 eth0, would be to also have a route back to the network of the initiator(s) of traffic on cloud1 and FortiGate. Assuming the src is 10.10.10.0/30 on FGT, that would not be required, but for others yes.
Also, make sure you enable ping as administrative access on FGT ports.
In order to save time, you can also create a default allow any rule with src/dst intf any.
Without going into too much detail, try to see the FGT as a router first, and then add policies because it is a firewall in addition.
Your ultimate goal probably is to connect the PCs to the cloud service. So, for routing to happen, each hop needs to know where to send the packets for each destination (or destination network).
The Cisco router needs to have routes to
10.10.3.0 (the PCs)
10.10.2.0 (transfer net Cisco-FGT)
192.168.204.0 (gateway to cloud)
192.168.10.0
192.168.14.0
x.y.z.0 (the cloud network, not shown in your diagram)
The FGT needs fewer static routes as networks assigned to interfaces will automatically be added as routes.
The other routes needed on FGT:
10.10.3.0
x.y.z.0 (the cloud network)
If you have configured these, you've got routing. Now add policies (only on the FGT) between interfaces which should be able to talk to each other.
If you are new to FortiOS, test the setup by pinging from the PCs/webterm, not from the FGT. Allow "ping" on each and every connected interface, always.
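The two replies above name two separate requirements: every hop needs a route in both directions, and the FortiGate additionally needs a policy between the interfaces. As an added example (not part of the original posts, and a simplified model rather than FortiOS behaviour in full), this sketch walks a ping hop by hop and reports which requirement is missing. The /24 masks, the host addresses and the PC-facing interface name `e0/1` are assumptions; the page gives none of them.

```python
import ipaddress as ip

PEER_INTF = {"FGT": "port4", "CISCO": "e0/0"}  # interface a packet arrives on at each hop

def lookup(table, dst):
    """Longest-prefix match: return (out_interface, next_hop) or None."""
    hits = [(ip.ip_network(n), v) for n, v in table.items()
            if ip.ip_address(dst) in ip.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(fgt_route_to_pcs=True, fgt_policy=True):
    # Constructed topology: the /24 masks are assumptions, the page gives none.
    cisco = {"10.10.3.0/24": ("e0/1", None),        # connected: PCs
             "10.10.2.0/24": ("e0/0", None),        # connected: transfer net
             "192.168.204.0/24": ("e0/0", "FGT")}   # static, via the FortiGate
    fgt = {"10.10.2.0/24": ("port4", None),         # connected
           "192.168.204.0/24": ("port1", None)}     # connected
    if fgt_route_to_pcs:
        fgt["10.10.3.0/24"] = ("port4", "CISCO")    # static, back to the PCs
    policies = {("port4", "port1")} if fgt_policy else set()
    return {"CISCO": cisco, "FGT": fgt}, policies

def walk(tables, policies, dev, in_intf, dst, stateful_reply=False):
    """Forward hop by hop; return 'delivered' or the reason the packet stops."""
    for _ in range(8):  # hop limit guards against routing loops
        hit = lookup(tables[dev], dst)
        if hit is None:
            return f"{dev}: no route to {dst}"
        out_intf, next_hop = hit
        # Only the FortiGate filters; replies ride the session the request opened.
        if dev == "FGT" and not stateful_reply and (in_intf, out_intf) not in policies:
            return f"FGT: no policy {in_intf}->{out_intf}"
        if next_hop is None:
            return "delivered"
        dev, in_intf = next_hop, PEER_INTF[next_hop]
    return "hop limit exceeded"

def ping(src, dst, **kw):
    """Request from a PC behind the Cisco, reply from a host behind port1."""
    tables, policies = build(**kw)
    request = walk(tables, policies, "CISCO", "e0/1", dst)
    if request != "delivered":
        return "request dropped at " + request
    reply = walk(tables, policies, "FGT", "port1", src, stateful_reply=True)
    return "ok" if reply == "delivered" else "reply dropped at " + reply

if __name__ == "__main__":
    for kw in ({}, {"fgt_policy": False}, {"fgt_route_to_pcs": False}):
        print(kw, "->", ping("10.10.3.10", "192.168.204.10", **kw))
```

A source in the transfer net still gets its reply when the FortiGate has no static route to the PCs, because that network is directly connected on port4.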