Hi,
We are using two firewall layers (Brick and Fortigate).
The Internet line is connected to the Brick firewall, where NAT is configured.
A direct connection is made between the Brick and Fortigate firewalls. From the Fortigate firewall the connection goes to the LAN.
I was trying to configure a LAN-to-LAN tunnel on the Brick firewall (between my office and a partner office) when, all of a sudden, strange behavior was observed on the Fortigate firewall.
The Fortigate firewall does not send traffic to the Brick F/W, or rather the Fortigate F/W does not show any Internet-related logs, except private IP addresses in the traffic logs. When I look at the events, I see critical alerts: "Ping Peer: 8.8.8.8 is down".
These events are generated when I do a shutdown and no shutdown of the port between the Fortigate and Brick F/Ws.
Then for a few seconds the Internet is accessible, and then it automatically shows no Internet again.
I reconnected the cables and rebooted the Brick and Fortigate firewalls; still the same issue. I don't understand this behavior.
Could any one of you please help me to address this issue?
Regards
Naveen
Have you set up routes and firewall policies?
Also, you can check that both FWs have connectivity (ping, for example).
If that doesn't work, you can do some diagnosis on the traffic.
For example:
diagnose debug enable
diagnose debug flow filter addr <IP_ADDR_OF_DEVICE>
diagnose debug flow trace start 10
And then read what is happening to the traffic.
The required routes and policies are already in place. It was working fine, and this issue arose while configuring the L2L VPN on the Brick firewall. I am able to ping both firewalls' interface IP addresses from my LAN machine.
I will do the debug today and look at the logs.
Internet access was restored after deselecting the option below under the WAN1 interface (which connects to the Brick firewall):
"Detect Interface Status for Gateway Load Balancing"
It was selected and configured with Detect Server: 8.8.8.8.
I understand this option is for ECMP. But I am not sure why it was enabled earlier and working fine.
However, I still see a few private IP address communications being denied on the Fortigate firewall.
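As an added note on the setting found above (this is an editor's example, not part of the poster's reply or a Fortinet document): the GUI option "Detect Interface Status for Gateway Load Balancing" is FortiGate dead-gateway detection. WAN1 periodically pings the detect server (here 8.8.8.8) through the upstream gateway; when the probe fails, the FortiGate treats WAN1's gateway as down and stops using the static routes that point through it, which is why LAN traffic loses its Internet path while the link stays up and the Brick's interface still answers ping. The reading that fits the thread, stated here as an assumption rather than a confirmed fact, is that the Brick stopped passing ICMP to 8.8.8.8 once the LAN-to-LAN tunnel work began, and the "Ping Peer: 8.8.8.8 is down" events are that detector tripping. The fragment below shows the setting as found, the fix the poster applied, and an alternative that keeps a health check but probes the directly connected Brick interface instead of an Internet host. `wan1` is the interface name from the thread; `192.0.2.1` is a placeholder for the Brick's inside interface IP; `wan1-brick` is an invented monitor name; `#` lines are annotations, not CLI input. The first two blocks use the FortiOS 5.0/5.2 interface-level syntax that matches the GUI label; the third uses the `link-monitor` syntax of FortiOS 5.4 and later, so pick the one that matches the firmware in use.

```text
# As found: wan1 probes 8.8.8.8 through the Brick. Anything the Brick does to
# ICMP toward 8.8.8.8 (VPN policy change, NAT rule, rate limit) now decides
# whether the FortiGate keeps its default route.
config system interface
    edit "wan1"
        set gwdetect enable
        set detectserver "8.8.8.8"
        set detectprotocol ping
    next
end

# Fix A (what the poster did): a single upstream with no ECMP or failover to
# protect gains nothing from the detector, so turn it off.
config system interface
    edit "wan1"
        set gwdetect disable
    next
end

# Fix B (FortiOS 5.4+): keep a health check, but probe the directly connected
# Brick interface so the result reflects this link rather than the whole
# Internet path. Five misses at a five-second interval before the route is
# withdrawn; update-static-route is what actually pulls the route.
config system link-monitor
    edit "wan1-brick"
        set srcintf "wan1"
        set server "192.0.2.1"
        set protocol ping
        set gateway-ip 192.0.2.1
        set interval 5
        set failtime 5
        set update-static-route enable
        set status enable
    next
end
```

Fix B trades coverage for stability: it no longer notices an outage beyond the Brick, but it cannot be tripped by the upstream firewall's handling of a third-party address. Whichever option is used, the remaining private-address denials are a separate question (policy or return-route) and are what the debug flow trace is for.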
Do you have a (simple) drawing of how you set this up?
Is the Fortigate only routing traffic, or performing NAT again? Did you set up routing correctly from the Brick to the FGT and vice versa? What do the log messages show, and did you enable logging in the policies for all traffic? Please provide more detail.
Kind regards,
Ralph Willemsen
Arnhem, Netherlands
CCNA, CCNA sec, CCNP sec, FCNSA, FCNSP, CCSA, CCSE