I am new to Fortinet and am setting up a Fortinet firewall VM in EVE-NG. With the setup below, I am not able to ping from INSIDE_R1 to OUTSIDE_R2.
INSIDE_R1 ----- (port2) Fortinet Firewall (port3) ----- OUTSIDE_R2
10.0.0.2/24     10.0.0.1/24       184.108.40.206/24     220.127.116.11/24
Fortinet VM: Version 7.2.0 with eval license
The firewall policy allows all sources coming into port2 toward all destinations going out of port3, for all services, all the time. NAT is also enabled, using the outgoing interface address.
INSIDE_R1 has a default route pointing to firewall inside interface IP, 10.0.0.1.
INSIDE_R1 can ping firewall's inside IP 10.0.0.1 and outside IP 18.104.22.168.
Firewall can ping OUTSIDE_R2's IP of 22.214.171.124.
However, INSIDE_R1 cannot ping OUTSIDE_R2's IP of 126.96.36.199. OUTSIDE_R2 does not get any packets from INSIDE_R1 based on its debug output.
Here is the debug output on the Fortinet firewall:
id=65308 trace_id=7 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.0.0.2:16->188.8.131.52:2048) tun_id=0.0.0.0 from port2. type=8, code=0, id=16, s"
id=65308 trace_id=7 func=init_ip_session_common line=6076 msg="allocate a new session-00000ca9, tun_id=0.0.0.0"
id=65308 trace_id=7 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-184.108.40.206 via port3"
id=65308 trace_id=8 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.0.0.2:16->220.127.116.11:2048) tun_id=0.0.0.0 from port2. type=8, code=0, id=16, seq=1."
id=65308 trace_id=8 func=init_ip_session_common line=6076 msg="allocate a new session-00000cad, tun_id=0.0.0.0"
id=65308 trace_id=8 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-18.104.22.168 via port3"
I am not sure if this is a limitation of the VM version of the Fortinet firewall, in that it only allows you to configure it but does not allow it to pass traffic?
I built the same topology with a physical Fortinet firewall and two computers. With the same security policy and IP configurations, ping from inside to outside works fine.
I'd like to find out if it is doable to have a Fortinet firewall VM working and forwarding traffic in EVE-NG. The virtual lab in EVE-NG would allow me to test more complex network environments.
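As an added example (not part of the question and not Fortinet's own tooling), a small Python helper that groups FortiOS `diagnose debug flow` lines by trace_id and reports the furthest stage each trace reached. In the output above, traces 7 and 8 stop right after the route lookup with no policy verdict or SNAT line logged, which is the case this helper surfaces as "routed". The trace_id 9 lines and the "Allowed by Policy" message wording are constructed for illustration and may differ between FortiOS builds.

```python
import re
from collections import OrderedDict

# One FortiOS `diagnose debug flow` line; only trace_id, func and the quoted msg matter here.
LINE_RE = re.compile(r'trace_id=(\d+)\s+func=(\S+)\s+line=\d+\s+msg="([^"]*)"')

# trace_id 7 is copied from the question. trace_id 9 is a constructed trace of a flow that
# reached a forwarding decision; its message wording is illustrative and varies by FortiOS build.
SAMPLE = '''
id=65308 trace_id=7 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.0.0.2:16->188.8.131.52:2048) tun_id=0.0.0.0 from port2. type=8, code=0, id=16, s"
id=65308 trace_id=7 func=init_ip_session_common line=6076 msg="allocate a new session-00000ca9, tun_id=0.0.0.0"
id=65308 trace_id=7 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-184.108.40.206 via port3"
id=65308 trace_id=9 func=print_pkt_detail line=5895 msg="vd-root:0 received a packet(proto=1, 10.0.0.2:17->203.0.113.2:2048) tun_id=0.0.0.0 from port2. type=8, code=0, id=17, seq=1."
id=65308 trace_id=9 func=init_ip_session_common line=6076 msg="allocate a new session-00000cb1, tun_id=0.0.0.0"
id=65308 trace_id=9 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-203.0.113.2 via port3"
id=65308 trace_id=9 func=fw_forward_handler line=990 msg="Allowed by Policy-1: SNAT"
'''

# Stages in the order a forwarded packet passes through them.
STAGES = [("received a packet", "received"), ("allocate a new session", "session"),
          ("find a route", "routed"), ("Allowed by Policy", "forwarded")]

def parse_traces(text):
    """Group (func, msg) pairs by trace_id, keeping the order they were logged in."""
    traces = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            tid, func, msg = m.groups()
            traces.setdefault(tid, []).append((func, msg))
    return traces

def classify(steps):
    """Furthest stage a trace reached, or 'denied' when a policy explicitly dropped it."""
    msgs = [msg for _, msg in steps]
    if any("Denied by" in m for m in msgs):
        return "denied"
    reached = "unknown"
    for needle, label in STAGES:
        if any(needle in m for m in msgs):
            reached = label
    return reached

def diagnose(text):
    """Map each trace_id to its verdict; 'routed' means no policy verdict was ever logged."""
    return {tid: classify(steps) for tid, steps in parse_traces(text).items()}
```

Run `diagnose()` over a full `diagnose debug flow` capture to see at a glance which traces never got past routing into the policy and NAT stages.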