Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Haggebuddi
New Contributor

FortiGate WAN behind Provider NAT / not reachable

Hi!

 

I have a FortiGate 50E for home use.

I got fibre Internet last week, so a new provider.

 

Looks like my provider is NATing, because the IP on WAN1 I get via DHCP from them (100.74.0.x) is different than the public IP, I get when I look with WhatIsMyIP (185.246.22.x).

 

I got in touch with the provider, they said all ports should be open for me, so I should reach my servers behind it.

 

The problem is, looks like nothing is reaching my Forti, when I ping my public IP and sniff with "diag sniffer packet wan1 icmp" I don't see my pings. But I get an answer on the device I send the pings from, so looks like something from my provider is answering them.

 

I also configured a SSL VPN + Policy on my Forti, it says it's listening on the WAN1 IP (100.74.0.x) on port 10443, but is not reachable from outside, only in my own network.

So I thought probably because it thinks there is no NAT from the provider, so the other IP should reach it.

I made a VIP, that listens on the public IP (185.246.22.x) and forwards 10443 to the wan1 IP (100.74.0.x), sadly still not working.

 

Do you guys have any idea, is it because the provider nat / problem on their site?

Any troubleshooting I can try?

I'd love to get some useful advice and bring my docker cluster + VPN finally back online. :)

 

Kind regards,

Markus

 

 

2 REPLIES 2
abarushka
Staff
Staff

Hello Markus,

 

My my consider to deploy FortiGate in the cloud and perform test below:

 

- ping cloud VM from FortiGate 50E and sniff traffic on cloud VM in order to verify whether NAT is performed by ISP

 

- telnet from cloud VM to 100.74.0.x and 185.246.22.x and sniff traffic on FortiGate 50E in order to verify whether FortiGate 50E is reachable/DNAT is performed

FortiGate
Haggebuddi

Hi!

 

Thanks for your answer, I'm not sure if I can do that, since the Forti in registered in the name of the company I work for, I'm just allowed to use it as my home device until I get one cheap with the employee discount (we are fortinet partner).

 

Do you have any other way I can check that? 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors