- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: Dual WAN LINK interface administration
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 08-26-2009 07:32 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dual WAN LINK interface administration
Hi all,
I already set up 2 WAN link and its working (able to browse internet ), I am only able to access WAN1 administrative webaccess but WAN2, I' m unable to do so. I have set equal distance (5) in the static route for both of the WAN Link and also enable administrative access to both of the WAN link either http and https. What other steps that I miss out? Thank you all.
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you trying to access your WAN2 management interface from the inside or Internet?
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked
Questions http://firewallguru.blogspot.com
Not applicable
Created on 08-26-2009 09:24 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I am trying to access it from Internet
Not applicable
Created on 08-26-2009 09:31 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello august_twenty8,
Can you check if both default routes are in the routing table ; from CLI : " get router info routing-table all"
Jabo.
Not applicable
Created on 08-26-2009 09:39 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This is what I get
S* 0.0.0.0/0 [5/0] via 219.a.b.c, wan1
[5/0] via 219.d.e.f, wan2
192.168.10.0/24 is directly connected, internal
192.168.254.0/24 [10/0] is directly connected, ssl.root
219.a.b.c/29 is directly connected, wan1
219.d.e.f/29 is directly connected, wan2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the command line you can run:
diag sniffer packet wan2 ' port 443'
Then test from the outside and see if you see any incoming packets to your Fortinet.
I had an issue with someone else yesterday and their WAN1 ISP was filtering out packets whereas on WAN2 they were not.
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked
Questions http://firewallguru.blogspot.com
Not applicable
Created on 08-26-2009 10:12 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
When enter the $ diag sniffer packet wan2 " port 443"
and I ping to the interface it return me nothing.
but when I telnet it 443 it return me this result
165.060076 59.108.29.151.443 -> 219.95.111.222.1060: syn 2523256685 ack 3592316543
165.060220 219.95.111.222.1060 -> 59.108.29.151.443: ack 2523256686
165.064246 219.95.111.222.1060 -> 59.108.29.151.443: psh 3592316543 ack 2523256686
165.144222 59.108.29.151.443 -> 219.95.111.222.1060: ack 3592316652
165.157043 59.108.29.151.443 -> 219.95.111.222.1060: 2523256686 ack 3592316652
165.157177 219.95.111.222.1060 -> 59.108.29.151.443: ack 2523258134
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To see pings also you will need this:
diag sniffer packet wan2 ' port 443 and icmp'
But the SSL stuff looks good. In your Admin profile are you restricting access from specific hosts are are your admins set to 0.0.0.0/0.0.0.0 for all trusted hosts?
A Real World Fortinet Guide
Configuration Examples & Frequently Asked Questions
http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked
Questions http://firewallguru.blogspot.com
Not applicable
Created on 08-26-2009 11:47 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In my Admin > Administrators , Trusted Hosts 0.0.0.0/0 0.0.0.0/0 0.0.0.0/0,
when i enter
$diag sniffer packet wan2 " port 443 and icmp"
interfaces=[wan2]
filters=[port 443 and icmp]
pcap_compile: expression rejects all packets
$diag sniffer packet wan2 " port 443 or icmp"
It return me
163.169708 219.a.b.222 -> 202.188.0.133: icmp: echo request
163.173185 202.188.0.133 -> 219.a.b.222: icmp: echo reply
168.209592 219.a.b.222 -> 202.188.0.133: icmp: echo request
168.223087 202.188.0.133 -> 219.a.b.222: icmp: echo reply
I think the I already set ping server into wan2 and also wan1 .. 202.188.0.133 is the dns that i point my ping server to ping
For ping server what next hop router should we put, is it alright if I keep pinging the dns server?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am having the same issue. Just hooked up WAN2 on a 200A and I cannot get HTTPS Admin working on that interface. The packets are seen coming to WAN2 but are not being accepted.
fort01 # diag sniffer packet any ' port 443 and host 8.7.25.18' interfaces=[any] filters=[port 443 and host 8.7.25.23] 4.212088 8.7.25.18.57378 -> 71.118.12.84.443: syn 3797564345 7.215133 8.7.25.18.57378 -> 71.118.12.84.443: syn 3797564345 13.204260 8.7.25.18.57378 -> 71.118.12.84.443: syn 3797564345 25.202414 8.7.25.18.57378 -> 71.118.12.84.443: syn 3797564345 49.199476 8.7.25.18.57378 -> 71.118.12.84.443: syn 3797564345 5 packets received by filter 0 packets dropped by kernel
S* 0.0.0.0/0 [1/0] via 65.214.187.49, wan1 C 10.0.0.0/23 is directly connected, internal C 10.0.5.0/24 is directly connected, dmz2 S 10.10.20.100/30 [2/0] is directly connected, ssl.root S 10.10.20.104/29 [2/0] is directly connected, ssl.root S 10.10.20.112/28 [2/0] is directly connected, ssl.root S 10.10.20.128/26 [2/0] is directly connected, ssl.root S 10.10.20.192/29 [2/0] is directly connected, ssl.root S 10.10.20.200/32 [2/0] is directly connected, ssl.root C 65.214.187.48/28 is directly connected, wan1 C 71.118.12.0/24 is directly connected, wan2Will not answer pings either.
fort01 # diag sniffer packet wan2 ' host 8.7.25.181' interfaces=[wan2] filters=[host 8.7.25.181] 7.832028 8.7.25.181 -> 71.118.12.84: icmp: echo request 8.833358 8.7.25.181 -> 71.118.12.84: icmp: echo request 9.832492 8.7.25.181 -> 71.118.12.84: icmp: echo request 10.832368 8.7.25.181 -> 71.118.12.84: icmp: echo request 11.832966 8.7.25.181 -> 71.118.12.84: icmp: echo request 12.832088 8.7.25.181 -> 71.118.12.84: icmp: echo request 6 packets received by filter 0 packets dropped by kernel
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Fortigate100F -- Does a VLAN Switch... 185 Views
- Fortigate Firewall BGP received routes not... 413 Views
- MCLAG ACL failures are detected 169 Views
- Fortigate- Redundant links 260 Views
- Using FMG to configure SAML on... 271 Views
Labels
-
FortiGate
7,108 -
FortiClient
1,401 -
5.2
801 -
5.4
639 -
FortiManager
615 -
FortiAnalyzer
450 -
6.0
416 -
FortiAP
373 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
288 -
FortiMail
276 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
125 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
100 -
FortiGateCloud
95 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
47 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
38 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiExtender
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
Interface
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
17 -
Routing
15 -
FortiMonitor
14 -
Authentication
14 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
Logging
14 -
FortiDDoS
13 -
RADIUS
12 -
FortiCASB
12 -
NAT
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
OSPF
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
FortiScan
4 -
Web rating
4 -
FortiDeceptor
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
FortiDB
3 -
DLP sensor
3 -
DoS policy
3 -
Email filter profile
3 -
Fabric connector
2 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
DLP Dictionary
2 -
VoIP profile
2 -
DLP profile
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Internet Service Database
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1057 | |
| 874 | |
| 521 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.