Hi.
We are going from Zyxel products to Fortinet.
I configured the first Fortigate 60F with the same NAT as the old devices and with the same WAN; in the testing lab everything is OK. When put in the production environment nothing works; it seems that the firewall is not seen from the internet.
Configuration (working now with the old firewall) is simple: Fortigate 60F connected to the LAN on port lan1 and connected to the router on Wan1. Configured on WAN in DHCP (reserved IP from the DHCP server) and configured as DMZ on the router.
In the testing environment everything works fine. On site, since every LAN client can use internet, the device isn't reachable from outside and makes the router work very slow first, unreachable neither from LAN after some time.
Tried to change router (FritzBox) nothing changes.
When in test and working fine I used the same kind of router, same router software version. Different provider, but both with public IP (fixed in one case, dynamic in the other). The old (Zyxel) firewall is still working with the same configuration.
Any idea to help me? Thank you so much.
@gianlucats
Check DHCP reserved IP because it might have MAC-IP bind and when you put new device it doesn't correspond to the reserved one, so it doesn't get an ip address while connected to new Zyxel.
What is the output of below command? Do you get an IP on FortiGate from DHCP on WAN interface?
diag ip address list
Thank you @xshkurti. The IPs reserved for the devices aren't the same, exactly for this reason. I manually switched it to put the correct device in DMZ when I change one with the other.
Let's try some basic troubleshooting.
1. from the output "diag ip address list" find the IP of WAN interface and the interface name exactly how it is written that connects to Zyxel
2. do a packet capture with the output you got from the first step
dia sniffer packet <wan interface> "host 8.8.8.8 and icmp" 4 10 l
3. from another console start a ping toward internet "exe ping 8.8.8.8"
4. If that doesn't work, check routing table to see if there is some default route to go to internet
get router info routing all | grep 0.0.0.0/0
5. If there is no output from this command, you can create a static route on FortiGate to point to Zyxel router
config router static
edit 1
set gateway <zyxel ip address where fortigate connects>
set device <the correct wan interface name>
next
end
Post some output here to see if there is something missing.
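An added example, not part of the thread or of Fortinet's tooling: a small Python helper that reads the pasted output of steps 1 and 4 above and reports a missing WAN address, a missing default route, or a gateway outside the WAN subnet. The output line layouts, the function name `wan_findings` and the sample values are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed line layouts (adjust the patterns if your FortiOS build prints differently):
#   IP=<addr>-><addr>/<netmask> index=<n> devname=<interface>
#   S*      0.0.0.0/0 [<distance>/<metric>] via <gateway>, <interface>
ADDR_RE = re.compile(r"IP=(\S+?)->\S+?/(\S+)\s+index=\d+\s+devname=(\S+)")
ROUTE_RE = re.compile(
    r"^\S+\s+0\.0\.0\.0/0\s+\[\d+/\d+\]\s+via\s+([\d.]+),\s*([^\s,]+)", re.M)

# Constructed sample output, not taken from the thread.
SAMPLE_ADDR = (
    "IP=192.168.178.20->192.168.178.20/255.255.255.0 index=5 devname=wan1\n"
    "IP=192.168.1.99->192.168.1.99/255.255.255.0 index=7 devname=lan\n"
)
SAMPLE_ROUTE = "S*      0.0.0.0/0 [5/0] via 192.168.178.1, wan1\n"


def wan_findings(addr_output, route_output, wan):
    """Return a list of problems for the WAN interface; empty means the basics are in place."""
    findings = []
    # Addresses bound to the WAN interface, ignoring an unset 0.0.0.0 entry.
    nets = [ipaddress.ip_interface(f"{ip}/{mask}")
            for ip, mask, dev in ADDR_RE.findall(addr_output) if dev == wan]
    nets = [n for n in nets if not n.ip.is_unspecified]
    if not nets:
        findings.append(f"{wan} has no IP address (no DHCP lease?)")
    defaults = ROUTE_RE.findall(route_output)
    if not defaults:
        findings.append("no default route (0.0.0.0/0) in the routing table")
    for gw, dev in defaults:
        if dev != wan:
            findings.append(f"default route leaves via {dev}, not {wan}")
        elif nets and not any(ipaddress.ip_address(gw) in n.network for n in nets):
            findings.append(f"gateway {gw} is outside the {wan} subnet")
    return findings


if __name__ == "__main__":
    for line in wan_findings(SAMPLE_ADDR, SAMPLE_ROUTE, "wan1") or ["WAN basics look fine"]:
        print(line)
```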
Fortigate is not connected to Zyxel. Fortigate is connected to router instead of Zyxel.
Now I am not in the working environment because it is a problem to leave it without connection (there are security cameras for which I need natting).
Is there something I can try in the test environment (which works...)?
Thank you a lot
Nothing much you can try in the working environment because it works and we can not spot the problem.
Whenever you have some time to check the live environment, you can continue and update this post with your next steps so we can advise you further. But what needs to be done are the steps I sent you before.
Thank you a lot, I will write here when I'll do the check.