Hi,
I'm wondering what is the best way to connect two FortiGates via a LAN connection. Both boxes are in the same building.
The purpose is to allow access to resources, for example a printers VLAN, or any other resource.
I have configured a dedicated port for the link on both FortiGates and assigned IPs of 10.10.90.2 and .3 to the two ends.
I can ping from both. I have created a static route on both to route the traffic to the gateway address on both.
I cannot ping the resources from workstations on either end, and I do not have internet connectivity.
I tried to create policies on both ends to allow the traffic, with no luck.
Any idea how this can be accomplished?
Thank you
Hello @CodeTron,
It would be best to capture a debug flow on both FortiGates to determine how the packets are being processed concerning routing and policy information between the source and destination resources.
Reference: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Kind Regards,
Hi Code Tron,
Thank you for reaching out. From what you mentioned, it sounds like you followed the proper steps to connect the two FortiGates together. I am not sure about the routing you have created, but you will have at least one connected route for the subnet 10.10.90.x, depending on the subnet mask you have used on the port you used to connect the two firewalls together. Firewall policies follow routes, so if traffic does not match a policy, that means routing needs to be looked at.

In general these types of deployments require setting up a route to the remote subnets you are trying to reach from one side to the other. Ex: FGTA trying to reach subnet 192.168.1.x for a printer VLAN behind FGTB; then a static route should be created where the destination is that subnet and the gateway would be 10.10.90.3 (assuming the FGTB port has the 10.3 IP), and so on. If you have all your subnets under a summary subnet, let's say 192.168.0.0/16 for example, then you can use that supernet as your destination on the static route.

Once you make sure this is correct, then check the firewall policies: make sure the source and destination interfaces and addresses are correct and the services are allowed, and for the purpose of monitoring I recommend enabling logging for "all sessions".
Thank you,
saleha
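As an added worked example (not from the original post and not Fortinet's own documentation), here is the route-plus-policy pair saleha describes, written out as FortiOS CLI for both ends. It assumes port5 is the link interface on each box, workstations are on FGTA's "lan" interface as 192.168.10.0/24, the printers sit on FGTB's "printers_vlan" as 192.168.1.0/24, and the address-object and policy names are constructed for this example.

```text
# FGTA: link port5 = 10.10.90.2/24; workstations on "lan" = 192.168.10.0/24 (names constructed)
config router static
    edit 0
        set dst 192.168.1.0 255.255.255.0
        set gateway 10.10.90.3
        set device "port5"
    next
end
config firewall address
    edit "lan_net"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "printers_net"
        set subnet 192.168.1.0 255.255.255.0
    next
end
# Policy for the initiating direction only; reply packets are matched to the existing session.
config firewall policy
    edit 0
        set name "lan-to-printers"
        set srcintf "lan"
        set dstintf "port5"
        set srcaddr "lan_net"
        set dstaddr "printers_net"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
# FGTB: link port5 = 10.10.90.3/24; printers on "printers_vlan". Define the same two address objects, then mirror:
config router static
    edit 0
        set dst 192.168.10.0 255.255.255.0
        set gateway 10.10.90.2
        set device "port5"
    next
end
config firewall policy
    edit 0
        set name "link-to-printers"
        set srcintf "port5"
        set dstintf "printers_vlan"
        set srcaddr "lan_net"
        set dstaddr "printers_net"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Each static route names only the remote subnet, so the existing default route to the internet on each firewall is left untouched, and NAT stays at its policy default of disabled so the peer sees real source addresses and its return route matches. With "logtraffic all" on both policies, a denied or unmatched session shows up in the forward traffic log, which narrows the search to routing (no route, wrong gateway) versus policy (wrong interface pair or address object).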
Copyright 2024 Fortinet, Inc. All Rights Reserved.