Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
alexromaya
New Contributor

FortiGate 50E NAT devices can reach the web, 50E itself cannot, help!!!

Hi there,

We currently have a new setup, which has a 50E used as the DMZ FW, which connects directly to the WWW router on a non-routed /30 subnet (transit), and the 100E connects directly to the 50E via a transit link. Devices behind the 100E and 50E can get to the web via a NAT overload, and there are specific 1-to-1 NATs as well. The 100E doesn't do NAT; all NAT is on the 50E. The 100E can ping the web (8.8.8.8) and reach Fortinet via the dashboard for updates etc. using a route that points to the 50E; the 50E then just pushes everything from that subnet to a public address via NAT overload.

My issue is that the 50E cannot ping 8.8.8.8 and does not receive updates from Fortinet on the dashboard.

Any advice? I added a loopback with its own public address; this didn't work. I added the loopback to the NAT overload group that the 100E uses; that didn't work either. I even created a 1-to-1 NAT from the /30 IP that connects to the router (non-advertised) to a new public address; this wouldn't allow the 50E to ping out either via the specific source.

I have asked networks to check what is allowed in. I did a packet sniffer and it showed packets going out but not returning for the 50E; they do for the 100E. The router does have an ACL inbound which denies any IP to the 50E /30 specific IP, but the 100E is able to get out using the NAT.

Any ideas appreciated.

Many thanks,
Alex

0 REPLIES 0