Hi Guys,
I need help because after I connected a second WAN internet connection to split and force my guest LAN to navigate with the new line and divide traffic with the administrative LAN, the forwarding traffic outside from my office stopped working. After that my fw stopped routing the internal LAN traffic to outside.
My settings are these:
wan1: 10.0.0.200 gw: 10.0.0.1
lan2 (configured as wan interface): fw address 192.168.1.200 gw: 192.168.1.1
Lan1 (internal lan): 192.168.0.x
lan3 (guest lan): 192.168.100.x
Static routes:
0.0.0.0/0 to wan1 10.0.0.1 (ip modem) - distance 10.
0.0.0.0/0 to lan2 192.168.1.1 (ip modem) - distance 10.
Address configuration:
I've defined an address corresponding to my lan3 IP range "LANGUEST" = 192.168.100.0/24
Policy Routes:
From:
lan3("LANGUEST") to --> lan2 (wan guest) ALL | always | ALL --> accept
implicit deny all
From:
lan1(internal) to --> wan1 ALL | always | ALL --> Accept
From:
lan1(internal) to --> lan2 (wan guest) deny
From:
lan3("LANGUEST") to --> wan1 deny.
Does anyone have a clue to help me understand what is wrong?
Thank you very much in advance.
Hi Michele,
I'm a little confused about the part you have listed as "policy routes". It looks more like the "firewall policies" than "policy routes". If you don't have any policy routes configured, then ECMP might try to send traffic down a path that you have denied with firewall policies. If this were the case, I would expect some randomness to whether it works or doesn't.
Add some policy routes and you should be in good shape. If you need help with that, PM me and I can arrange some time to assist. I'm sure you can figure it out though. :)
- Daniel
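A simplified model of the behaviour described in the reply above, as an added example that is not part of the original thread or of any Fortinet code: two equal-distance default routes, the firewall policies from the question, and the effect of adding policy routes. The modulo hash standing in for source-IP ECMP, the sample client addresses, and the `POLICY_ROUTES` entries are assumptions made for illustration.

```python
import ipaddress

# Values from the original post; the hash below is a simplified stand-in
# for source-IP ECMP, not FortiOS's actual algorithm (assumption).
DEFAULT_ROUTES = [("wan1", "10.0.0.1", 10), ("lan2", "192.168.1.1", 10)]
FIREWALL_POLICIES = {  # (ingress, egress) -> action; anything else: implicit deny
    ("lan3", "lan2"): "accept",
    ("lan1", "wan1"): "accept",
    ("lan1", "lan2"): "deny",
    ("lan3", "wan1"): "deny",
}
# Hypothetical policy routes pinning each LAN to its own uplink.
POLICY_ROUTES = [
    ("lan1", ipaddress.ip_network("192.168.0.0/24"), "wan1"),
    ("lan3", ipaddress.ip_network("192.168.100.0/24"), "lan2"),
]

def egress(in_if, src, policy_routes=()):
    """Pick the outgoing interface: policy routes first, then ECMP."""
    addr = ipaddress.ip_address(src)
    for pr_if, net, out_if in policy_routes:
        if pr_if == in_if and addr in net:
            return out_if
    best = min(d for _, _, d in DEFAULT_ROUTES)
    candidates = [r for r in DEFAULT_ROUTES if r[2] == best]
    return candidates[int(addr) % len(candidates)][0]

def forwarded(in_if, src, policy_routes=()):
    """True when the firewall policy for the chosen path accepts the flow."""
    out_if = egress(in_if, src, policy_routes)
    return FIREWALL_POLICIES.get((in_if, out_if), "deny") == "accept"

def survey(in_if, prefix, policy_routes=()):
    """Count accepted flows for hosts .10-.19 (constructed sample clients)."""
    hosts = [f"{prefix}.{n}" for n in range(10, 20)]
    return sum(forwarded(in_if, h, policy_routes) for h in hosts)

if __name__ == "__main__":
    for name, pr in (("ECMP only", ()), ("with policy routes", POLICY_ROUTES)):
        print(name, "lan1:", survey("lan1", "192.168.0", pr),
              "lan3:", survey("lan3", "192.168.100", pr), "of 10")
```

With ECMP alone, roughly half of the sample clients on each LAN hash onto the uplink their firewall policy denies; with the policy routes in place every flow leaves through the permitted interface.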
It doesn't sound like you have load-balancing set up for the WAN connections (either SD-WAN or WAN LLB) - If not, you may want to consider it as you can set up priority rules for directing the guest LAN traffic to one of the WAN connections.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Hi,
Thank you very much for your reply. I've made some mistakes with policy routes. After your help I've set it up correctly and now my FortiGate is working great!!
Hi Dave,
Thank you very much for your help. I'm going to study these functions better, as I didn't know them very well!