/29 Wan subnet on Hetzner Dedicated server not working
First time user of the Fortinet Products.
I've followed the instructions in the docs to setup the fortigate as VM in VMWare ESXI 8, so far so good. Got my first WAN/LAN with IPAM setup. All working fine. Now for the part I can't seem to get working...
On the WAN i've got a /29 subnet assigned to me. I want to be able to use routing rules to dynamically assign ports/entire ip to servers in my LAN. The /29 subnet is delivered on a virtual switch. It enters the physical machine on the same cable on VLAN 4000. To make it easier i've created a VSwitch in ESXI at VLAN 4000 and patched it as Port 3 to the Fortigate. I've received all the details about the subnet as follows:
When on port 3 i try to enter xx.xx.xx.224/29 as the ip i get the following error: Invalid IP Netmask.
When on port 3 i try to enter xx.xx.xx.225/29 as the ip it will let me save it. Unfortunately this does not work. When i try to ping the IP from my workstation (external to the network) it doesn't let me. (I didn't forget to allow the pings using the checkbox under administrative access). Neither does this work for xx.xx.xx.226/29, xx.xx.xx.226/32, etc. Also tried WAN/DMZ/Undefined, and many more different settings
What am i doing wrong or what can I do to debug this issue a bit more? I'm not bound to the external vswitch hetzner provides and also have a /29 subnet available directly on the primary WAN. I'm currently just looking for a solution.
I believe that .224/29 is your IP block not usable IP that why when enter 224/29 FGT will not let you save it. Your usable IP for that block begin from 225. Do you have any default route using port3 with the gateway of 225 and assign 226 for your port3? Can you try to assign 226 for port 3, created default route with gateway 225 via port3 and ping 226 from your computer and run the following command to see if traffic is arrived at FortiGate:
diag debug reset diag debug flow filter addr X.X.X.226 diag debug flow filter proto 1 diag debug flow show ip en diag debug flow show func en diag debug console time ena diag debug ena diag debug flow trace start 999
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.