I have two different ports on my FortiGate:
port1 (10.201.0.0/16)
port2 (192.168.0.0/16)
I need to allow traffic between both ports, which will allow me to use all protocols. I made policy routes with a firewall policy, but nothing happens.
I did before. I made a two-direction firewall policy and started changing between them, but also no result.
There should be a route to the network on port2 for addresses on port1 to follow. I bet the only default route listed on the FGT is the one that is routing to the WAN or Internet.
On the CLI, type "get router info routing-table details" and see if there is a 192.168.0.0 route directed to port2. There should be, considering it's a direct connection.
Make sure you have your subnet mask set correctly (/16 vs /24, etc.) .
gniedy wrote: I did before. I made a two-direction firewall policy and started changing between them, but also no result.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
@Dave: both networks are directly connected (port1, port2), so this is not a routing issue on the FGT. I guess it's the hosts that are not addressing the traffic to the FGT.
@gniedy: ping from the FGT CLI is not that helpful. But when pinging from a host to the FGT, you should see successful replies. Do you?
Just realized that - the hosts themselves could have the wrong gateway info configured, but at the back of my head I was also thinking the subnet mask should be checked too.
ede_pfau wrote: @Dave: both networks are directly connected (port1, port2), so this is not a routing issue on the FGT. I guess it's the hosts that are not addressing the traffic to the FGT.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
I found a big mistake: I had configured the host with an alternative IP. When I deleted the other IP, the ping worked from p1 to p2, but I still face some issues: I can't ping the FGT from the hosts on the different ports, and I can ping from the p1 host to the p2 host, but I can't ping from the p2 host to the p1 host or the FGT. You will find some pics of my configuration:
https://ibb.co/v13t9g5 (CLI Route)
https://ibb.co/tqc042L (FGT PORTS SUBNETS)
https://ibb.co/JncpJJv (Firewall Policy)
https://ibb.co/kHMHTmV (Ping From P1 to P2 host and fgt)
https://ibb.co/P61VLMt (Ping From P2 to P1 host and fgt)
Good to have some more information, thanks for the pics.
One reason why you can't ping the FGT may be that ping is not allowed on the interfaces port1 and port2. Make sure (in Network > Interfaces) that you tick "PING" as allowed administrative access.
For the traffic from port2 to port1 you need a second policy - the "reverse clone" of the policy you already created.
Do you supply your hosts via DHCP (from the FGT), or do you use static IPs, e.g. on the camera(s)? Static assignment always bears the risk of mistyping the address, the network mask, the gateway address, the DNS address... With DHCP, you define those centrally, and present and future hosts will use the correct and complete set of settings.
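As an added example (not from this thread and not Fortinet's own documentation), here is the FortiOS CLI equivalent of the checklist in the reply above together with Dave's routing-table check earlier in the thread: enable ping on both interfaces, create one firewall policy per direction, confirm both subnets are connected routes, and trace a ping with the flow debugger to see which policy matches or why the packet is dropped. The interface addresses 10.201.0.1/16 and 192.168.0.1/16 and the host address 192.168.0.10 are assumptions for illustration; the thread does not state them.

```fortios
# Added example, not from the thread. Interface and host IPs are assumed.

# 1. Allow ping (plus admin access) on both LAN-side interfaces.
config system interface
    edit "port1"
        set ip 10.201.0.1 255.255.0.0
        set allowaccess ping https ssh
    next
    edit "port2"
        set ip 192.168.0.1 255.255.0.0
        set allowaccess ping https ssh
    next
end

# 2. One firewall policy per direction. A single port1->port2 policy
#    permits the replies to sessions opened from port1, but not sessions
#    opened from port2; the "reverse clone" below covers those.
#    "edit 0" lets the unit allocate the next free policy ID.
config firewall policy
    edit 0
        set name "port1-to-port2"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "port2-to-port1"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# 3. Verify: both /16s should be listed as connected (C) routes on their
#    own ports. No static or policy route is needed for connected subnets.
get router info routing-table connected

# 4. Trace a ping (IP protocol 1) from the assumed port2 host 192.168.0.10.
#    The trace names the policy that matched, or reports the reason the
#    packet was dropped (e.g. no matching policy, no route, reverse path).
diagnose debug flow filter addr 192.168.0.10
diagnose debug flow filter proto 1
diagnose debug flow trace start 20
diagnose debug enable
# ... send the ping from the host, read the trace, then stop:
diagnose debug disable
diagnose debug reset
```

If the port2-to-port1 policy is missing, the flow trace for a ping started on the port2 side ends with a "Denied by forward policy check" line instead of an "Allowed by Policy" line, which separates a policy problem from a host gateway or subnet-mask problem: a host with a wrong mask or gateway never sends the packet to the FortiGate at all, so nothing appears in the trace.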
I don't know what's wrong. I configured everything. About the ping protocol: ping is active, and the issue is that all protocols do not work well, although all protocols are allowed on interfaces 1 and 2. I think I have another problem, not with the interfaces or the firewall policy; I think I have another problem that prevents what I need, but I don't know where. Is there any cloud FortiGate device to test on, like others?
Pinging Windows devices may just fail because of the built-in firewall. A better target would be a printer, switch or other 'IoT' device.
Thanks Ede so much. I found where the problem was and I solved it; it wasn't a FortiGate problem. Now everything is working well. Thanks for your help.
Copyright 2024 Fortinet, Inc. All Rights Reserved.