Support Forum

FortiGate 50E: NAT devices can reach the web, 50E itself cannot, help!!!

Hi there,

We currently have a new set-up, in which a 50E is used as the DMZ firewall and connects directly to the WWW router on a non-routed /30 subnet (transit), and a 100E connects directly to the 50E via a transit link. Devices behind the 100E and 50E can get to the web via a NAT overload, and there are specific 1-to-1 NATs as well. The 100E doesn't do NAT; all NAT is on the 50E. The 100E can ping the web and reach Fortinet via the dashboard for updates etc. using a route that points to the 50E; the 50E then just pushes everything from that subnet to a public address via NAT overload.

My issue is that the 50E cannot ping and does not receive updates from Fortinet on the dashboard. Any advice? I added a loopback with its own public address; this didn't work. I added the loopback to the NAT overload group that the 100E uses; that didn't work either. I even created a 1-to-1 NAT from the /30 IP that connects to the router (not advertised) to a new public address; this wouldn't allow the 50E to ping out either via the specific source.

I have asked networks to check what is allowed in. I did a packet sniffer and it showed packets going out but not returning for the 50E; they do for the 100E. The router does have an ACL inbound which denies any IP to the 50E /30 specific IP, but the 100E is able to get out using the NAT.

Any ideas appreciated.

Many thanks,
Alex
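The two checks the post describes (sniffing the transit link and pinging from a chosen source address), written out as an added FortiOS CLI example; this is not part of the original post and not a confirmed fix for Alex's setup. The interface name (wan1), the /30 address 198.51.100.2 and the permitted public address 203.0.113.10 are assumed. The one fact the example relies on is that traffic the FortiGate originates itself (ping, FortiGuard, DNS) is not matched by firewall policies, so a NAT overload policy never rewrites its source; it leaves with the egress interface address unless a per-service source-ip is set.

```text
# Added example, not from the original post. Assumed names/addresses:
#   wan1 = /30 transit toward the WWW router, 50E side 198.51.100.2
#   203.0.113.10 = a public address the upstream ACL is assumed to permit
# Self-originated traffic bypasses firewall policies, so the NAT overload
# pool does not apply to it; it is sourced from the wan1 address (198.51.100.2)
# unless a service-specific source-ip is configured.

# 1. Watch what leaves wan1 and whether any reply comes back
diagnose sniffer packet wan1 'icmp' 4

# 2. In a second CLI session, ping with the default (interface) source ...
execute ping 8.8.8.8

# 3. ... then from an address the unit owns that the ACL should permit.
#    The source must be configured on the FortiGate (interface, secondary IP
#    or loopback) and the router must have a route back to it.
execute ping-options source 203.0.113.10
execute ping 8.8.8.8
execute ping-options reset

# 4. If only the second ping is answered, pin the self-originated services
#    (FortiGuard updates, DNS) to that address instead of the /30 IP.
config system fortiguard
    set source-ip 203.0.113.10
end
config system dns
    set source-ip 203.0.113.10
end
```

Reading the sniffer output: packets leaving with source 198.51.100.2 and no replies, while the same ping sourced from 203.0.113.10 gets replies, points at the upstream ACL (or the missing return route) rather than at the NAT configuration, since the NAT policy was never going to touch the 50E's own traffic.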

