I am currently setting up a test infrastructure to update all our FortiGates to FortiOS 7.0.x.
For now, all the FortiGates are on version 6.4.12.
I have declared the IP 10.10.1.80 as my DMZ (only one IP can be set as DMZ), and until two days ago all the connections were sent to the FortiGate and everything was working. For example, when I wanted to connect to the SSL VPN I was using the public IP of the router and it was working fine; I could also ping and connect to a FortiClient EMS that I had set up.
But to test the failover I restarted the active FortiGate. At that moment I lost my VPN connection, and I also lost the connection on the local address.
From that moment on, I never got access to the FortiGate outside of my network again.
I sniffed the traffic to check that the firewall was receiving it and I saw the FortiClient TCP request, but the FortiGate does not reply to it:
And at the end of the sniff, the kernel dropped 0 packets.
To try to debug that, I allowed all connections in the firewall local-in-policy:
This does not work either.
I also created ALL to ALL rules for almost all my interfaces.
To make sure the problem was not from my router, I set another device as DMZ and I could access it from the internet. So the problem is probably on the FortiGate.
Has anyone already had this problem, or does anyone have an idea how to solve it?