book
New Contributor

Configuring Static Route

Hello, I suppose it is a simple problem, but I can not ping between two loopbacks on FortiGate. I deployed images on VMware and set the IP address on one FortiGate to 192.168.1.102/24, port1, and on the second FortiGate to 192.168.1.103/24, port1. I can ping these interfaces, but when I create a loopback called LAN2 on the first FortiGate and a second loopback called LAN3 on the second FortiGate, I can not ping between these two loopbacks. When I type "get router info routing-table all" on each FortiGate I see correct routes to the interface and to the loopbacks.

Also, I edited the policy route, but I am not sure if it is correct. On the first FortiGate it looks like:

    config router policy
        edit 1
            set input-device "LAN2"
            set src 2.2.2.0 255.255.255.0
            set dst 3.3.3.0 255.255.255.0
            set protocol 6
            set start-port 443
            set end-port 443
            set gateway 192.168.1.103
            set output-device "port1"
        next
    end

And on the second FortiGate:

    config router policy
        edit 1
            set input-device "LAN3"
            set src 3.3.3.0 255.255.255.0
            set dst 2.2.2.0 255.255.255.0
            set protocol 6
            set start-port 443
            set end-port 443
            set gateway 192.168.1.102
            set output-device "port1"
        next
    end

When I log in via WebConfig I see there is some policy route which denies all traffic, but I can neither edit nor delete it. Thanks in advance for tips!
TheJaeene
Contributor

Hi, my first guess: the policy routes shown are not matching ICMP traffic. Create additional policy routes with protocol 1.

Regards, Jan
book
New Contributor

I created a second policy route, but without ping success. I can't create a new policy for the one above, which denies all traffic; I supposed that this is the problem. Via WebConfig I can't either. You can see two pictures (prompt: Entry not found when I click OK).
book
New Contributor

And the same story via CLI: Or there is the prompt "Input value is invalid". What did I do wrong?
TheJaeene
Contributor

Why are you using policy routes anyway? Just define two routes on each FortiGate and add the corresponding Firewall Rules. I think you are messing something up regarding the purpose of Policy Routes.

Regards, Jan
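The approach suggested in the reply above, written out for the first FortiGate as an added example (editor's illustration, not part of the original thread and not taken from Fortinet documentation): a static route plus a firewall policy scoped to ping between the two loopback subnets instead of an accept-all rule. Subnets, gateway and interface names come from the policy routes posted in the question; the address object names, the entry IDs and the assumption that the ping is sourced from the peer's loopback address are illustrative.

```fortios
# FortiGate one: port1 = 192.168.1.102, loopback LAN2 in 2.2.2.0/24.
# Route to the peer's loopback subnet via the peer's port1 address.
config router static
    edit 1
        set dst 3.3.3.0 255.255.255.0
        set gateway 192.168.1.103
        set device "port1"
    next
end

# Address objects for the two loopback subnets
# (object names are assumptions made for this example).
config firewall address
    edit "LAN2_net"
        set subnet 2.2.2.0 255.255.255.0
    next
    edit "LAN3_net"
        set subnet 3.3.3.0 255.255.255.0
    next
end

# Traffic arriving on port1 for the loopback needs a policy.
# Permit only ICMP echo from the peer loopback subnet rather than
# accepting all traffic (entry ID 1 is an assumption).
config firewall policy
    edit 1
        set srcintf "port1"
        set dstintf "LAN2"
        set srcaddr "LAN3_net"
        set dstaddr "LAN2_net"
        set action accept
        set schedule "always"
        set service "PING"
    next
end
```

The second FortiGate takes the mirror image: destination 2.2.2.0/24 via gateway 192.168.1.102, and a policy from port1 to LAN3 with the source and destination address objects swapped.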
book
New Contributor

Yes, I messed up Policy Routes with Firewall Rules. I configured bad features. Now I have configured Firewall Rules which accept all traffic and it works. Anyway, thanks for the help - it is my beginning with Fortinet technology :)
TheJaeene
Contributor

You're welcome, we all started as bloody rookies.
book
New Contributor

I have another question. The same topology with three FortiGate units, everything pings OK, I mean the 192.168.1.0/24 subnets and the loopback on each of them. Now I add IP address 100.0.0.1 to port2 on "FortiGate two". What should I do to ping from 192.168.1.102 (port1 on FortiGate two), and from the other FortiGate units (first and third)? A default route from port2 on "FortiGate two"? Where, how? OK, I did it by static route.