Hi robert44,
Thank you for reaching out. I believe the issue here is that the phase 2 selectors are missing the IP pool external IP as the local address on the FortiGate side, which would be the remote address on the AWS side. This is because you are NATing the traffic on the outgoing firewall policy, and I see the ping is stopping at the IPsec tunnel. You can further confirm this by running the following debug and then starting the ping again:
di de flow filter addr 10.100.0.19
di de flow filter proto 1
di de flow show function enable
di de flow trace start 10
di de console time en
di de en
Thank you,
saleha
Created on 10-09-2024 06:58 AM Edited on 10-09-2024 07:00 AM
You've saved my life, thank you. I owe you a beer. It works by putting an IP from the IP pool, specifically I've put 10.0.112.230/32 on phase2 and now I can ping :D
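To make the selector mismatch saleha describes concrete, here is an added example configuration written for this page; it is not from the thread, and not Fortinet's own documentation. Interface names, object names, the phase 1 name "aws-vpn", the LAN subnet 10.100.0.0/24 and the AWS subnet 172.16.0.0/16 are all assumed; only the pool address 10.0.112.230 is taken from robert44's confirmation above.

```text
# Added example, not from the thread. All names and subnets except
# 10.0.112.230 are assumed/constructed.

# 1. IP pool used for source NAT on the policy that sends traffic into the tunnel.
config firewall ippool
    edit "aws-snat-pool"
        set type one-to-one
        set startip 10.0.112.230
        set endip 10.0.112.230
    next
end

# 2. Outbound policy with NAT enabled: packets enter the IPsec interface with
#    source 10.0.112.230, not with their original LAN address.
config firewall policy
    edit 0
        set name "lan-to-aws"
        set srcintf "port2"
        set dstintf "aws-vpn"
        set srcaddr "LAN-10.100.0.0"
        set dstaddr "AWS-172.16.0.0"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "aws-snat-pool"
    next
end

# 3a. Phase 2 selector as it stood (assumed): local = LAN subnet. After NAT the
#     source is 10.0.112.230, which matches no selector, so the packet is dropped
#     at the tunnel and "diagnose debug flow" shows it stopping at the IPsec interface.
config vpn ipsec phase2-interface
    edit "aws-p2"
        set phase1name "aws-vpn"
        set src-subnet 10.100.0.0 255.255.255.0
        set dst-subnet 172.16.0.0 255.255.0.0
    next
end

# 3b. Corrected selector: local = the NAT pool address as a /32 (the value robert44
#     used). The AWS side must carry the mirror image, 10.0.112.230/32 as its
#     remote prefix, or the SA will still not negotiate.
config vpn ipsec phase2-interface
    edit "aws-p2"
        set phase1name "aws-vpn"
        set src-subnet 10.0.112.230 255.255.255.255
        set dst-subnet 172.16.0.0 255.255.0.0
    next
end
```

After applying 3b, the negotiated selectors can be checked with "diagnose vpn tunnel list", and the debug flow commands from saleha's reply should now show the ICMP packet being encapsulated on the "aws-vpn" interface rather than dropped.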