Fortigate - PFSense IPsec Tunnel
Hi,
I've configured an IPSEC Tunnel between fortigate and another firewall called PFSense. The tunnel is UP and everything is fine.
Servers behind the Fortigate firewall can ping the remote hosts that are behind PFsense and vice versa.
One problem that I'm experiencing is that servers behind fortigate can ping the remote gateway (172.16.10.1 - Pfsense LAN Gateway), but not the other way round, meaning that servers behind PFsense cannot ping the remote gateway (192.168.10.1 - Fortigate LAN Gateway).
I'm sure that this is something that has to do with rules from the Fortigate side.
Any ideas? Maybe someone has already run into this problem.
The version of the firewall that I have is Fortigate-200A 3.00-b0737(MR7 Patch 3)
Thanks! Awaiting your reply.
Is ping enabled on the 'internal' interface of the FGT?
Ede Kernel panic: Aiee, killing interrupt handler!
Is this the same behavior as I described in the other post? The admin access must be allowed from that IP subnet in order to receive a PING response.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Hi,
In the admin access it only allows you to enter 3 trusts. And unfortunately the 172.16.0.0 subnet is not in the list.
How can I add more IPs for the same admin?
Thanks.
Try creating a bogus admin, and use that subnet. That's the only thing I can think of. 3 is the limit.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Hi,
That works, but is there another solution to add more trusted networks rather than creating users and assigning trusted hosts?
Thanks
Why is PING so important? Most folks disable that anyway.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
I want to enable that for testing only.
Btw, I did a firmware upgrade and the new firmware image allows you to add more trusted hosts.
The new firmware works like a charm and has more settings, especially on the VPN tab.