Hello, I am facing this problem for the first time and I don't know where I'm going wrong. I have to access my own IP address both from inside and outside the network. The problem is that from outside I am able to connect to the IP and do my stuff, but when I am connected locally I can't.
I tried pinging the address from the FortiGate CLI and I get no response. If I ping it from outside (another public IP, or by using a smartphone on 4G) it works like a charm. Can someone explain to me why, please?
I have a FortiGate 60E with 7.2.0 Build 1157.
Here are the results:
FortiGate # diag sniffer packet any 'host 8.8.4.4 and icmp' 4 0 a
interfaces=[any]
filters=[host 8.8.4.4 and icmp]
2022-04-21 09:27:04.258525 wan1 out 192.168.1.15 -> 8.8.4.4: icmp: echo request
2022-04-21 09:27:04.288113 wan1 in 8.8.4.4 -> 192.168.1.15: icmp: echo reply
2022-04-21 09:27:05.269305 wan1 out 192.168.1.15 -> 8.8.4.4: icmp: echo request
2022-04-21 09:27:05.298873 wan1 in 8.8.4.4 -> 192.168.1.15: icmp: echo reply
2022-04-21 09:27:06.279273 wan1 out 192.168.1.15 -> 8.8.4.4: icmp: echo request
2022-04-21 09:27:06.309581 wan1 in 8.8.4.4 -> 192.168.1.15: icmp: echo reply
2022-04-21 09:27:07.289303 wan1 out 192.168.1.15 -> 8.8.4.4: icmp: echo request
2022-04-21 09:27:07.318825 wan1 in 8.8.4.4 -> 192.168.1.15: icmp: echo reply
2022-04-21 09:27:08.299284 wan1 out 192.168.1.15 -> 8.8.4.4: icmp: echo request
2022-04-21 09:27:08.329063 wan1 in 8.8.4.4 -> 192.168.1.15: icmp: echo reply
^C
10 packets received by filter
0 packets dropped by kernel
We can see that the request and reply are happening. But earlier you mentioned you are not able to access anything on the Internet from the firewall.
Could you please reclarify?
Maybe I was not clear, sorry.
I don't have any problem accessing the Internet; the problem is that I can't use services through my public IP when I'm INSIDE the FortiGate LAN. But I can if I am OUTSIDE this network. Let's suppose my public IP is 70.7.70.7 and I have forwarded some services through the FortiGate to specific devices in my network. If I type 70.7.70.7 in the browser when I am connected to the LAN, I receive an empty response because it does not work. If I type the same IP from outside the network, everything works fine. Am I clear?
Hi Team,
Thanks for the detailed explanation.
You are trying to achieve hairpin NAT.
Step-1: Let's say you are accessing 70.70.7.7 (your upstream router public IP) from a LAN machine (192.168.90.15).
The firewall should require one LAN to WAN policy with NAT enabled; I will assume it is there.
Step-2:
There should be a WAN to LAN policy with source as all and destination as the VIP object.
Please check and give us an update.
Thanks for the reply. I double-checked and I can confirm that I have those 2 policies.
Hi Team,
Thanks for the update.
Could you please provide us a screenshot of the firewall policy and VIP object here?
Sorry for the delay, I attached the two screenshots, thanks.
The configuration is absolutely fine.
It's better if you can raise a case with the support team to further check on this issue.
I tried the command from above with a second FortiGate CLI, pinging the public IP, and this is the result:
FortiGate # diag sniffer packet any "host Y.Y.Y.Y and icmp" 4 0 a
interfaces=[any]
filters=[host Y.Y.Y.Y and icmp]
2022-04-21 09:29:56.178087 wan1 out 192.168.1.15 -> Y.Y.Y.Y: icmp: echo request
2022-04-21 09:29:57.189354 wan1 out 192.168.1.15 -> Y.Y.Y.Y: icmp: echo request
2022-04-21 09:29:58.199361 wan1 out 192.168.1.15 -> Y.Y.Y.Y: icmp: echo request
2022-04-21 09:29:59.209381 wan1 out 192.168.1.15 -> Y.Y.Y.Y: icmp: echo request
2022-04-21 09:30:00.219352 wan1 out 192.168.1.15 -> Y.Y.Y.Y: icmp: echo request
^C
5 packets received by filter
0 packets dropped by kernel
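The two captures in this thread can be compared mechanically. The following Python parser is an added example, not code from any poster or from Fortinet: it pairs ICMP echo requests with replies per flow in `diag sniffer packet ... 4` output. The function name `summarize` and the embedded sample lines (trimmed from the captures above, with the thread's `Y.Y.Y.Y` placeholder kept) are this example's own.

```python
import re
from collections import defaultdict

# One packet line of `diag sniffer packet any '<filter>' 4` output:
# timestamp, interface, direction, "src -> dst: icmp: echo request|reply".
LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ "
    r"(?P<intf>\S+) (?P<dir>in|out) "
    r"(?P<src>\S+) -> (?P<dst>\S+): icmp: echo (?P<kind>request|reply)$"
)

def summarize(capture):
    """Count echo requests/replies per (requester, target) flow."""
    flows = defaultdict(lambda: {"requests": 0, "replies": 0, "interfaces": set()})
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # CLI prompt, filter header, ^C and counter lines
        if m["kind"] == "request":
            flow = flows[(m["src"], m["dst"])]
            flow["requests"] += 1
        else:
            # A reply travels target -> requester; file it under the request's flow.
            flow = flows[(m["dst"], m["src"])]
            flow["replies"] += 1
        flow["interfaces"].add(f'{m["intf"]} {m["dir"]}')
    for flow in flows.values():
        flow["unanswered"] = max(flow["requests"] - flow["replies"], 0)
    return dict(flows)

# Sample input: lines copied from the thread's two captures, two probes each.
CAPTURE_EXTERNAL = """\
2022-04-21 09:27:04.258525 wan1 out 192.168.1.15 -> 8.8.4.4: icmp: echo request
2022-04-21 09:27:04.288113 wan1 in 8.8.4.4 -> 192.168.1.15: icmp: echo reply
2022-04-21 09:27:05.269305 wan1 out 192.168.1.15 -> 8.8.4.4: icmp: echo request
2022-04-21 09:27:05.298873 wan1 in 8.8.4.4 -> 192.168.1.15: icmp: echo reply
"""
CAPTURE_PUBLIC_IP = """\
2022-04-21 09:29:56.178087 wan1 out 192.168.1.15 -> Y.Y.Y.Y: icmp: echo request
2022-04-21 09:29:57.189354 wan1 out 192.168.1.15 -> Y.Y.Y.Y: icmp: echo request
"""

if __name__ == "__main__":
    for name, cap in (("8.8.4.4", CAPTURE_EXTERNAL), ("public IP", CAPTURE_PUBLIC_IP)):
        for (src, dst), f in summarize(cap).items():
            print(name, src, "->", dst, f["requests"], "requests,",
                  f["replies"], "replies, seen on", sorted(f["interfaces"]))
```

For the public-IP capture the only interface/direction recorded is `wan1 out`: the requests leave the FortiGate toward the upstream device and no reply is seen coming back on any interface.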