Fortigate 40F: VLAN to LAN Issues
Morning:
New to Fortigate, and am trying to set up SNATing some VMs out to the Internet from my home lab on VLANs. It's a 40F, so it doesn't have a VLAN switch.
In this instance, the VM is on vlan50, using the Fortigate as a DHCP server. It receives an IP in the proper range, and I can move the VM from vlan to vlan in the lab, and it recognizes the different subnets and gets DHCP for them. So tagging seems fine. I just can't get out.
My process
- Added VLAN interfaces to the LAN w/DHCP, which is just ports 1-3 for now.
- Central SNAT is enabled. ALL/ALL
- Firewall policy: vlan50 > wan, ALL/ALL/ALL
The policy is getting hits, but I still can't ping out to any external IPs. I have a feeling I'm missing something simple here :)
Any suggestions on what I'm missing?
id=20085 trace_id=197 func=print_pkt_detail line=5846 msg="vd-root:0 received a packet(proto=17, 10.16.50.50:57296->1.1.1.1:53) tun_id=0.0.0.0 from vlan50. "
id=20085 trace_id=197 func=init_ip_session_common line=6025 msg="allocate a new session-000d605e, tun_id=0.0.0.0"
id=20085 trace_id=197 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-64.xxx.xxx.x via wan" [IP REMOVED FOR PRIVACY]
id=20085 trace_id=197 func=fw_forward_handler line=881 msg="Allowed by Policy-2:"
id=20085 trace_id=197 func=__ip_session_run_tuple line=3525 msg="run helper-dns-udp(dir=original)"
Thanks,
Don
This turned out to be my Central SNAT rule.
I had a LAN > WAN ALL/ALL rule and erroneously thought b/c the VLANs were added to the LAN interface, the ALL/ALL SNAT would also catch them.
Adding a SNAT rule per VLAN worked to fix this.
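To make the fix concrete, here is an added FortiOS CLI example of the full path (VLAN sub-interface, DHCP, central NAT, the SNAT entry that did not match, the per-VLAN SNAT entry that did, and the forwarding policy). It is not configuration from the original post or from Fortinet; it assumes FortiOS 7.x syntax, that the hardware-switch interface is named "lan" and the upstream interface "wan", and that vlan50 is 10.16.50.0/24 with the FortiGate at .1 (the post only shows a client at 10.16.50.50).

```fortios
# Added example, not from the original post. Assumptions: FortiOS 7.x CLI,
# LAN hardware switch is "lan", upstream is "wan", vlan50 = 10.16.50.0/24
# with the FortiGate as 10.16.50.1.

# 1. VLAN sub-interface on top of the LAN hardware switch
config system interface
    edit "vlan50"
        set vdom "root"
        set ip 10.16.50.1 255.255.255.0
        set allowaccess ping
        set interface "lan"
        set vlanid 50
    next
end

# 2. DHCP scope for the VLAN (the VM in the post got 10.16.50.50)
config system dhcp server
    edit 50
        set default-gateway 10.16.50.1
        set netmask 255.255.255.0
        set interface "vlan50"
        config ip-range
            edit 1
                set start-ip 10.16.50.10
                set end-ip 10.16.50.200
            next
        end
        set dns-service default
    next
end

# 3. Central NAT on: firewall policies no longer carry NAT themselves
config system settings
    set central-nat enable
end

config firewall central-snat-map
    # 4. The entry that did NOT work. srcintf matches the parent switch
    #    interface only; "vlan50" is a separate interface object and is
    #    not a child of "lan" for matching purposes. Kept here for contrast.
    edit 1
        set srcintf "lan"
        set dstintf "wan"
        set orig-addr "all"
        set dst-addr "all"
        set protocol 0
        set nat enable
    next
    # 5. The fix from the thread: one entry per VLAN interface
    edit 2
        set srcintf "vlan50"
        set dstintf "wan"
        set orig-addr "all"
        set dst-addr "all"
        set protocol 0
        set nat enable
    next
end

# 6. Forwarding policy vlan50 -> wan (with central NAT there is no
#    "set nat enable" on the policy itself)
config firewall policy
    edit 2
        set name "vlan50-to-wan"
        set srcintf "vlan50"
        set dstintf "wan"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

To check the result, run the same flow trace the post used (`diagnose debug flow filter addr 1.1.1.1`, `diagnose debug flow trace start 10`, `diagnose debug enable`) and compare: the trace in the post goes straight from "Allowed by Policy-2" to the DNS helper with no translation step, whereas with a matching central SNAT entry a `msg="SNAT 10.16.50.50->..."` line appears after the policy match. `diagnose sniffer packet wan 'host 1.1.1.1' 4` confirms the packets leaving wan carry the WAN address as source rather than 10.16.50.x. On the policy side, "all/all/ALL" is the lab-friendly shape the post describes; for anything beyond a lab, scoping srcaddr to an address object for 10.16.50.0/24 and the service list to what the VMs actually need keeps the per-VLAN policy from becoming a general egress path.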
Did you configure a static rule?
You can find this under network and static route.