Hi
It's my first post so go easy on me!!
I have a user who has a BT Infinity connection (ie BT Openreach Modem ----> BT Home Hub3 )
I am trying to replace the BT Home Hub with a Fortigate 30D, but once installed I have no internet access from any device on the LAN side.
Went through the Wizard and the fortinet appears to connect to the modem fine and get relevant WAN IPs ( I have all green ticks for the relevant subscriptions) and the WAN interface reports as connected. All the internal devices have the LAN IP of the fortinet as their gateway, but do not appear to be able to get beyond it. They can ping the fortinet but nothing beyond it WAN side. The routing table also looks fine as do the firewall policies.
Has anyone else had issues similar to this?
Phil
Hi Phil,
can the fortigate ping ie. 8.8.8.8?
can it ping ie. www.google.com?
If both are possible then there might be something wrong with your policies ...
Just a quick thought where to start ;)
Cheers, Patrick
Sounds like nat missing in policy.
NEVER use the wizard. It breaks things...
Do a factory reset and start over.
Hi Patrick et All
Thanks for the replies...
I cannot ping anything at all WAN side of the fortinet, FQDN or IP address.
I have a lan to wan policy that is set to allow ALL traffic and can confirm that NAT is on.
A google search suggested that BT use a VLANID of 101 and that creating a vlan interface and attaching it to the WAN interface may resolve the issue... I will try this tomorrow.
Phil
I don't think that's the issue. We ran into similar issues with BT and we had to wait until the mac_address cache had expired, but you can double check for vlan-id tagging by doing a diag sniffer packet <wan> "vlan" 4 on the interface attached to the BT network after you have crafted the vlan-subinterface.
e.g
HQFGT110C # diag sniffer packet wan2 "vlan"
interfaces=[wan2]
filters=[vlan]
77.413266 802.1Q vlan#11 P0
78.413242 802.1Q vlan#11 P0
79.413247 802.1Q vlan#11 P0
81.413251 802.1Q vlan#11 P0
82.413243 802.1Q vlan#11 P0
83.413247 802.1Q vlan#11 P0
PCNSE
NSE
StrongSwan
Thanks Emnoc, will try the diag sniffer.
How long did you have to wait for the mac address cache to expire? I am assuming that it won't expire if the existing BT HUB is still connected?
Phil
Do you have a cable modem you're plugging into? They have their own MAC cache and you have to power them down for at least a minute in order to clear that so it'll talk to the Fortinet. IF you're using static IP that is, and maybe dynamic, depending.
Yeah, that's what we did, just power cycle the bt-hub and then you should be good. FWIW, what we did previously was to clone the original mac_ether-address on the fortigate wan interface when we were going back and forth between 2 devices.
PCNSE
NSE
StrongSwan
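The two changes discussed in this thread (a VLAN 101 sub-interface on the WAN port and cloning the old router's MAC), written out as a FortiOS CLI sketch. This is an added example, not part of any poster's message: the interface names "wan" and "lan", the sub-interface name "bt-vlan101" and the MAC value are assumptions, and the addressing mode is left out because the thread does not state it.

```fortios
# Option A: clone the previous router's MAC onto the physical WAN port,
# so the upstream MAC cache still matches (placeholder MAC, replace it).
config system interface
    edit "wan"
        set macaddr 00:11:22:33:44:55
    next
end

# Option B: VLAN sub-interface tagged 101 on top of the WAN port.
# Set the addressing mode your ISP requires on this sub-interface.
config system interface
    edit "bt-vlan101"
        set vdom "root"
        set interface "wan"
        set vlanid 101
        set allowaccess ping
    next
end

# The outbound policy must point at the sub-interface, not at "wan",
# otherwise LAN traffic is still sent untagged and NAT never applies.
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "bt-vlan101"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Check whether tagged frames are actually seen on the physical port.
diagnose sniffer packet wan "vlan" 4
```

If Option B is used, any existing lan-to-wan policy and default route that reference the physical "wan" interface need to be moved to the sub-interface as well.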
Copyright 2024 Fortinet, Inc. All Rights Reserved.