I have a customer with a Fortigate 40F (v7.0.12) where the WAN interface is connected to their ISP and configured with x.y.z.180/25 where 181 and 182 are secondary IPs.
x.y.z.129 is configured as the ISP default gateway and everything seems to be working normally.
However, when trying to connect to another company's webserver (x.y.z.208) that uses the same ISP and is on the same IP net, I cannot connect to it or ping it.
Running a traceroute in the Fortigate CLI shows something like this:
traceroute to x.y.z.208 (x.y.z.208), 32 hops max, 3 probe packets per hop, 84 byte packets
1 x.y.z.129 (gw.isp.com) 0.533 ms 0.250 ms 1.430 ms
2 x.y.70.209 2.018 ms 2.284 ms 1.283 ms
3 x.y.78.133 5.528 ms 1.932 ms 1.452 ms
4 * * *
5 x.y.78.70 1.674 ms 1.581 ms 1.288 ms
6 x.y.72.123 0.345 ms 0.348 ms 0.313 ms
7 x.y.76.250 0.342 ms 0.371 ms 0.330 ms
8 * * *
9 * * *
10 * * *
I expected it to try and communicate with the server directly and not go through the gateway since they are on the same IP net, is this expected behavior?
Anybody have any guesses as to what is going on? Something in the firewall, the ISP or both?
It's within the same subnet, /25 will cover from 129 to 254.
You're right, in this case it is.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
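
The on-link question raised in this thread, worked through as an added example that is not part of any poster's message: a longest-prefix-match lookup for the .208 destination against the connected /25 and the default route via .129. The 192.0.2.x prefix is a constructed stand-in for the masked x.y.z, and the /26 and host-route cases are hypothetical configurations that would send the traffic to the gateway, not findings from this thread.

```python
import ipaddress

# Constructed stand-in for the masked x.y.z prefix on the page (RFC 5737 range).
PREFIX = "192.0.2."
GATEWAY = PREFIX + "129"


def build_routes(wan_mask, extra=()):
    """Routing table as (network, next_hop) pairs; next_hop None = connected."""
    connected = ipaddress.ip_interface(f"{PREFIX}180/{wan_mask}").network
    routes = [(connected, None),
              (ipaddress.ip_network("0.0.0.0/0"), GATEWAY)]
    routes += [(ipaddress.ip_network(n), hop) for n, hop in extra]
    return routes


def lookup(routes, dst):
    """Longest-prefix match: return (matched network, next hop or 'on-link')."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if addr in net]
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), hop or "on-link"


def explain(dst=PREFIX + "208"):
    """Compare the described setup with two hypothetical misconfigurations."""
    cases = {
        "as described (/25)": build_routes(25),
        # Hypothetical: /26 only covers .128-.191, so .208 falls to the default route.
        "mask mistyped as /26": build_routes(26),
        # Hypothetical: a more specific static route overrides the connected /25.
        "host route via gateway": build_routes(25, [(dst + "/32", GATEWAY)]),
    }
    return {name: lookup(r, dst) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (net, hop) in explain().items():
        print(f"{name:24} matched {net:18} next hop {hop}")
```
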