Morning:
New to FortiGate, and am trying to set up SNATing some VMs out to the Internet from my home lab on VLANs. It's a 40F, so it doesn't have a VLAN switch.
In this instance, the VM is on vlan50, using the FortiGate as a DHCP server. It receives an IP in the proper range, and I can move the VM from VLAN to VLAN in the lab, and it recognizes the different subnets and gets DHCP for them. So tagging seems fine. I just can't get out.
My process
The policy is getting hits, but I still can't ping out to any external IPs. I have a feeling I'm missing something simple here :)
Any suggestions on what I'm missing?
id=20085 trace_id=197 func=print_pkt_detail line=5846 msg="vd-root:0 received a packet(proto=17, 10.16.50.50:57296->1.1.1.1:53) tun_id=0.0.0.0 from vlan50. "
id=20085 trace_id=197 func=init_ip_session_common line=6025 msg="allocate a new session-000d605e, tun_id=0.0.0.0"
id=20085 trace_id=197 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-64.xxx.xxx.x via wan" [IP REMOVED FOR PRIVACY]
id=20085 trace_id=197 func=fw_forward_handler line=881 msg="Allowed by Policy-2:"
id=20085 trace_id=197 func=__ip_session_run_tuple line=3525 msg="run helper-dns-udp(dir=original)"
Thanks,
Don
This turned out to be my Central SNAT rule.
I had a LAN > WAN ALL/ALL rule and erroneously thought that because the VLANs were added to the LAN interface, the ALL/ALL SNAT would also catch them.
Adding a SNAT rule per VLAN worked to fix this.
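As an added illustration (not configuration from the original post), here is what the fix above looks like in the FortiOS CLI: the original rule whose source interface is the physical LAN only, followed by per-VLAN central SNAT entries. The interface names "lan" and "vlan60" are assumptions; "vlan50" and "wan" appear in the debug flow output in the question.

```fortios
# Central NAT must be enabled for central SNAT rules to be consulted at all.
config system settings
    set central-nat enable
end

config firewall central-snat-map
    # Original rule: srcintf is the physical "lan" interface only. Packets that
    # arrive on the tagged sub-interface vlan50 are NOT matched by it, so they
    # leave "wan" with their private 10.16.50.x source and never get a reply.
    edit 1
        set srcintf "lan"
        set dstintf "wan"
        set orig-addr "all"
        set dst-addr "all"
        set nat enable
    next
    # Fix: one central SNAT entry per VLAN sub-interface.
    edit 2
        set srcintf "vlan50"
        set dstintf "wan"
        set orig-addr "all"
        set dst-addr "all"
        set nat enable
    next
    # "vlan60" is a constructed second VLAN to show the pattern repeating.
    edit 3
        set srcintf "vlan60"
        set dstintf "wan"
        set orig-addr "all"
        set dst-addr "all"
        set nat enable
    next
end

# Verification: sniff the egress interface while the VM resolves a name.
# With SNAT applied, the packet leaving "wan" carries the WAN IP as its source;
# without it, the 10.16.50.x address is still visible on the wire.
diagnose sniffer packet wan 'host 1.1.1.1 and port 53' 4
```

The "Allowed by Policy-2" line in the debug flow only proves the firewall policy matched; the sniffer on the WAN side is what shows whether translation actually happened.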
Did you configure a static rule?
You can find this under Network > Static Routes.
Copyright 2024 Fortinet, Inc. All Rights Reserved.