id=36870 trace_id=1943 msg=" allocate a new session-046e00b0"
id=36870 trace_id=1943 msg=" find SNAT: IP-192.168.200.1(from IPPOOL), port-21"
id=36870 trace_id=1943 msg=" VIP-192.168.200.1:21, outdev-internal1"
id=36870 trace_id=1943 msg=" DNAT XXX.143.64.147:21->192.168.200.1:21"
id=36870 trace_id=1943 msg=" find a route: gw-192.168.200.1 via dmz"
id=36870 trace_id=1943 msg=" Allowed by Policy-27:"
id=36870 trace_id=1943 msg=" run helper-ftp(dir=original)"
id=36870 trace_id=1944 msg=" vd-root received a packet(proto=6, 192.168.200.1:21->XXX.50.75.228:22095) from dmz."
id=36870 trace_id=1944 msg=" Find an existing session, id-046e00b0, reply direction"
id=36870 trace_id=1944 msg=" find a route: gw-YY.199.98.65 via internal2"
id=36870 trace_id=1944 msg=" SNAT 192.168.200.1->XX.143.64.147:21"
id=36870 trace_id=1944 msg=" run helper-ftp(dir=reply)"

(our wan lines are connected on internal1/internal2)

Traffic comes in at internal1, so far so good, but it seems it tries to send the outgoing traffic to our other wan interface (internal2). Why?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
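An added example, not part of the original posts: a small Python parser that groups the flow-trace messages by trace, links the reply trace to its session, and reports sessions where the interface on the VIP line differs from the interface chosen for the reply route. The function names are hypothetical, and comparing these two fields is an assumption that mirrors the comparison the poster makes by eye.

```python
import re
from collections import defaultdict

# Trace lines copied from the post above (addresses are masked in the original).
SAMPLE = '''
id=36870 trace_id=1943 msg=" allocate a new session-046e00b0"
id=36870 trace_id=1943 msg=" VIP-192.168.200.1:21, outdev-internal1"
id=36870 trace_id=1943 msg=" find a route: gw-192.168.200.1 via dmz"
id=36870 trace_id=1944 msg=" vd-root received a packet(proto=6, 192.168.200.1:21->XXX.50.75.228:22095) from dmz."
id=36870 trace_id=1944 msg=" Find an existing session, id-046e00b0, reply direction"
id=36870 trace_id=1944 msg=" find a route: gw-YY.199.98.65 via internal2"
'''

LINE = re.compile(r'trace_id=(\d+) msg="\s*(.*?)"')
NEW = re.compile(r'allocate a new session-(\w+)')
REPLY = re.compile(r'Find an existing session, id-(\w+), reply direction')
VIP = re.compile(r'VIP-\S+, outdev-(\S+)')
ROUTE = re.compile(r'find a route: gw-\S+ via (.+)')

def parse_traces(text):
    """Group msg strings by trace_id, preserving order within each trace."""
    traces = defaultdict(list)
    for trace_id, msg in LINE.findall(text):
        traces[trace_id].append(msg)
    return traces

def find_mismatches(text):
    """Return (session, vip_outdev, reply_route_if) tuples where the two differ."""
    vip_if, reply_if = {}, {}
    for msgs in parse_traces(text).values():
        joined = "\n".join(msgs)
        route = ROUTE.search(joined)
        if (m := NEW.search(joined)) and (v := VIP.search(joined)):
            # Original direction: remember the interface named on the VIP line.
            vip_if[m.group(1)] = v.group(1)
        elif (m := REPLY.search(joined)) and route:
            # Reply direction: remember the interface the route lookup chose.
            reply_if[m.group(1)] = route.group(1).strip()
    return [(s, vip_if[s], r) for s, r in reply_if.items()
            if s in vip_if and vip_if[s] != r]

if __name__ == "__main__":
    for session, vip, reply in find_mismatches(SAMPLE):
        print(f"session {session}: VIP outdev {vip}, reply routed via {reply}")
```
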
Static     0.0.0.0/0          10  0  XX.143.64.145  internal1
Static     0.0.0.0/0          10  0  YY.199.98.65   internal2
Static     10.10.10.0/24      3   0  10.10.12.6     internal6
Connected  10.10.12.0/24      0   0  0.0.0.0        internal6
Static     10.32.100.0/24     1   0  10.201.128.90  wan1
Static     10.201.32.0/24     3   0  0.0.0.0        Wel-Pol Ph1
Static     10.201.32.0/24     3   0  0.0.0.0        Wel-PolSDSLPh1
Connected  10.201.128.0/22    0   0  0.0.0.0        wan1
Connected  XX.143.64.144/29   0   0  0.0.0.0        internal1
Connected  YY.199.98.64/29    0   0  0.0.0.0        internal2
Static     172.20.10.0/24     3   0  0.0.0.0        ssl.root
Connected  192.168.200.0/24   0   0  0.0.0.0        dmz
PCNSE
NSE
StrongSwan
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com