Regards
Shaan
If the path of server 2 traffic is hitting the WAN port(s) of the FortiGate then you likely need to set up a VIP (port forward); if both LANs on each side of the fgt are connecting via an internal port, you may need to define a route to 192.168.255.254/32 directly. However, I don't think this is actually needed. I suggest checking the return firewall policy (from server2 to server1) - you will need two firewall rules for both directions of that fgt connection. Perhaps post a screenshot (sans identifiable IP info) here.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Are you sure the Cisco does NAT server2 back to the FortiGate?
If traffic reaches the FGT with the original IP of server2 there will be no answer because the FGT doesn't know that subnet nor has a route to it.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
I do not think you need to do anything but check for a route to the src-address that server1 is SNATed to. What does diag sniffer packet show, and what is the src_address that enters the FortiGate?
PCNSE
NSE
StrongSwan
Dear All,
I have the source route in place. From the FortiGate interface connecting to the Cisco router I can ping server 2 and I am able to get the response as well. The only issue is with NATing, I guess, and I got the below response from the router team who is managing the Cisco router:
I captured the logs from the continuous ping done earlier and it looks like the traffic initiated from the server1 (192.168.255.254) is being NATed to the 10.249.107.98 (instead of 10.249.107.80 IP) before coming to the Cisco router.
This is why when you try to ping the 10.249.107.80 from the server 2 (10.249.104.x) it is not working, as that NAT (192.168.255.254 - 10.249.107.80) is not working.
Regards
shaan