Hello,
something we never had before but the WAN Interface had to be in the same Vlan Interface with the WAN Router of the provider X.
Now we have the problem that we cant connect to the WAN interface via http, https (trusted network) and we cant establish SSL VPN connection via 4444.
Attached I send you the WAN interface config.
What can we do?
Thanks in advance
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @RolandBaumgaertner72 ,
In my country(Malaysia), our internet is using VLAN.
Can you verify if your ISP requires VLAN too?
You can check with your PC this way too.
PC direct connect to your ISP router. PC <<<>>> ISP router
Set your IP, subnet, gateway accordingly.
Ping to 8.8.8.8
If your PC can go out to internet, means no VLAN required.
Hi,
yes, this ISP requires VLAN also and therfore we had to create a Vlan under the WAN Interface. Since I neved had this configuration I am wondering now what I can do, to get all the packeges through from WAN to my VLAN. I know it was working before with the Zywall Firewall since before I could access via https directly.
Also I see that my DDNS with Interface WAN is not getting the IP.
What can I do?
Created on 03-30-2023 01:36 AM Edited on 03-30-2023 01:36 AM
Can you reach the other peer in that /30 network ?
Also, do you have a static default route pointing to that peer / vlan interface ?
Hi,
well it works, from inside I have access via this VLAN WAN Interface.
The defaulf route goes over the VLan Interface? Is it because I dont have a route for the WAN Interface so that from outside I cant reach?
If you dont have this route, most likely this is your issue. You could also enable PING under the interface to check from the internet if it replies back.
Hi,
I dont really understand. As you can see on my screenshots I have under the WAN Interface the Vlan with the IP config of the provider. I activated on the VLan PING and I cant reach from outside.
What route is missing so that packeges get through to the VLan, or do I hace to change te default to WAN interface instead of the VLan?? Where is the connection between WAN Interface (no IP configured) and the VLan Wan Interface?
I never had this kind of configuration and since we are requiered to use a VLan ID and I cant configure it directly on the WAN Interface I am having this issue now.
Thanks a lot for your help!
Ok, let's take it step by step.
You say that the ISP requires you to have a VLAN configured on the interface towards them.
On the FortiGate you have configured a vlan interface with that VLAN ID ( I guess? ) . Do you have IP reachability from the IP you have configured the VLAN interface to the ISP peer ?
Since you have configured a subinterface or VLAN interface, whatever u want to call it means the same thing, I would expect that the interface on the switch where WAN is connected is configured in trunk and that VLAN ID is permitted towards the FW and VLAN is created on the Switch.
After you confirm, reachability to the ISP equipment/IP , then a static route 0.0.0.0/0 with next hop IP the ISP IP, using the VLAN interface as exit interface is required.
After this, you can do a, execute ping 8.8.8.8 , from CLI and see if you can reach the internet.
If all is good with ping towards 8.8.8.8 , then all access from the Internet towards that subinterface configured with allowed administrative access protocols should work. if not, maybe the ISP is filtering them.
OK, it is solved. I again created the static route and than I had access via PING from outside. Also the SSL VPN is working. Something wrong with routing tables (before I had another default route)?
Thanks a lot!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.