I want to access my FortiGate 100D firewall's internal IP from my branch office network. What settings should I configure for it? Details are mentioned below:
Fortigate Firewall Internal IP = 192.168.1.1/24
Branch network IP = 192.168.2.0/24
Branch network PCs can access my whole network "192.168.1.0/24" and are able to ping them too, but not the firewall internal IP. These two offices are connected through a Juniper SSG 5 at both ends through an IPsec VPN tunnel.
Without diagnosis which would immediately show you what the reason is:
- make sure there is a route to the .2 network on the FGT (gateway is the tunnel end)
- check that Administrative access allows ICMP on the internal FGT interface
Thanks for your quick response, Sir. I have made the route for my branch network on the FortiGate, through which I'm able to ping my branch network PCs from the FortiGate firewall, but the branch PCs are not able to ping the FortiGate internal interface. I already allowed ICMP on the internal interface.
ICMP could be blocked if you use 'Trusted Hosts' settings in the admin setup. There are several posts on this on the forums, please search for it.
edit: read this - https://forum.fortinet.com/tm.aspx?m=122674
The diag debug flow command is really what you should use, along with a packet sniffer. Whether the traffic is or is not arriving at the FortiGate from the source network(s), these 2 diagnostic approaches will shed light.
PCNSE
NSE
StrongSwan
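The checks suggested in this thread, collected as one FortiOS CLI session. This is an added example, not something posted by the thread's participants; the interface name `internal` and the branch PC address 192.168.2.10 are assumptions, so substitute your own values. Lines starting with `#` are annotations, not commands.

```fortios
# 1. Confirm the route back to the branch network exists and points
#    at the local tunnel gateway.
get router info routing-table all

# 2. Confirm ping is listed under "set allowaccess" on the internal interface.
show system interface internal

# 3. Look for "set trusthostN" entries on the admin accounts. If any are
#    set, check whether 192.168.2.0/24 is covered by one of them.
show system admin

# 4. Packet sniffer: does the echo request from the branch PC reach the
#    FortiGate, and does an echo reply leave? Start the continuous ping
#    on the branch PC (assumed 192.168.2.10) first.
#    Arguments: verbosity 4 (headers + interface name), 0 = no packet
#    limit, l = local timestamps. Stop with Ctrl+C.
diagnose sniffer packet internal 'icmp and host 192.168.2.10' 4 0 l

# 5. Debug flow: show how the FortiGate handles those packets.
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 192.168.2.10
diagnose debug flow filter proto 1
diagnose debug flow trace start 20
diagnose debug enable

# 6. Turn debugging off again when finished.
diagnose debug flow trace stop
diagnose debug disable
diagnose debug reset
```

If the sniffer shows echo requests arriving on `internal` but no replies leaving, compare the source address against the trusted host entries from step 3, the cause suggested earlier in the thread. If no requests arrive at all, the problem is upstream of the FortiGate.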