I am setting up a firewall FG-60F in transparent mode and this is my config:
Internet <-> LTE Router <-> Firewall <-> Local Switch1
Upstream of the firewall there is an LTE router, downstream of the firewall there is a network switch 1. I have the firewall configured in transparent mode with management IP 10.10.10.1 and the LTE router is 10.10.10.250. When I connect locally to the network, I can ping all the devices on my network and also I have internet.
The problem is when I connect via the VPN.
The VPN setup is as follows: the router has an OpenVPN tunnel to an external server, and I connect to this VPN server via an OpenVPN client. When I am on the VPN, I get assigned the IP 11.36.255.13 on the network, and at this point I can ping the firewall on 11.36.3.1 and the router on 11.36.3.250, but I cannot ping anything downstream of the firewall (switch1 and other devices). If I remove the firewall from my network and I connect via VPN, I can ping switch1 on IP 11.36.3.10 (locally it is 10.10.10.10).
Regarding firewall policies, I have only one allow-all policy, and regarding static routes I have one route for outgoing traffic and the second route is to try to get the VPN traffic to downstream devices.
As it is right now I cannot ping downstream devices; any idea what I am doing wrong?
firewall policy
static routes
I was missing a policy to allow traffic from wan1 to Internal, now it works.
Double-check your firewall configuration to ensure that VPN traffic is properly routed to downstream devices. You may need to adjust your static routes or firewall policies to allow VPN traffic to reach the intended destinations. Consider consulting with your network administrator or seeking assistance from your firewall vendor's support team for further troubleshooting.
So this works but is it right? Aren't you just bypassing your firewall altogether with these rules? Fortinet just says int to out policy only.. and I can't get any connects whatsoever that way.. so this can't be right for transparent mode.. ? Can it?
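As an added example (not posted by anyone in this thread and not Fortinet's own documentation), here is a FortiOS CLI policy that supplies the missing wan1 to internal path from the accepted answer while addressing the "bypassing the firewall" concern: instead of a second allow-all, it only permits the VPN client range. The interface names wan1 and internal come from the thread; the address object name VPN_CLIENTS, the /24 mask on the 11.36.255.0 client range and the policy ID are assumptions.

```fortios
# Assumption: VPN clients are assigned addresses from 11.36.255.0/24
# (the poster received 11.36.255.13); adjust the subnet to match the server.
config firewall address
    edit "VPN_CLIENTS"
        set subnet 11.36.255.0 255.255.255.0
    next
end

# Reverse-direction policy that was missing: VPN traffic enters on wan1 and
# must be bridged to internal. Source is restricted to the VPN client range
# rather than "all", so this does not turn into a second allow-all rule.
config firewall policy
    edit 2
        set name "vpn-clients-to-internal"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "VPN_CLIENTS"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments "Inbound VPN client access to downstream LAN (transparent mode)"
    next
end
```

In transparent mode the FortiGate bridges traffic rather than routing it, so the second static route mentioned in the question does not steer VPN traffic; the wan1 to internal policy is what lets the bridged flow through, and the existing internal to wan1 policy carries the replies.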
Copyright 2024 Fortinet, Inc. All Rights Reserved.