keny2b
New Contributor

Fortigate interface is not able to access internet with dynamic pool

Dear All,

We have a network with many VLANs from the internal core network, and our FortiGate outside interface is connected to the ISP with the WAN IP address 10.x.y.z, which is not publicly routable.

Our internal users are getting internet through the dynamic IP pool configured on the edge UTM, but the edge UTM itself is not able to access the internet, and for that reason we couldn't activate our FortiGate for FortiCloud.

Please advise on the issue.

Regards

3 REPLIES
Toshi_Esumi
SuperUser

If you have configured the (presumably public) IP pool properly and confirmed that the FGT is SNATing as you expect with "flow debug", it's a question for the ISP why they don't route those IPs to/from the internet through them. It doesn't matter that the ISP's edge circuit has a private subnet. Check a traceroute toward the internet sourced from those IPs and use it to troubleshoot with the ISP.

keny2b
New Contributor

After many trials I changed my source interface to the loopback interface which I've used for the IPsec tunnel. Now I can trace Google (8.8.8.8) and other public IPs, but not FQDNs; I tried to change and restart the DNS, but it was not successful.

Please advise.

Toshi_Esumi

There seem to be multiple issues, but you should fix DNS first. Under "config system dns" you can specify "source-ip" to be used for those DNS queries from the FGT itself. Try setting one of those public IPs, like the loopback IP.
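As an added illustration of the two replies above (not part of the thread, and not Toshi_Esumi's or Fortinet's own text), the FortiOS CLI steps for putting a public address on a loopback, pinning the firewall's own DNS and test traffic to it, and confirming the pool SNAT with a flow trace. The loopback, pool and pool-name values are placeholders constructed from the 203.0.113.0/24 documentation range, and the DNS servers are the public resolvers the thread already mentions.

```text
# Placeholder addressing (constructed for this example, not from the thread):
#   203.0.113.10      public address assigned to the FGT loopback
#   203.0.113.20-29   public range used for the overload IP pool
#   10.x.y.z          ISP-facing WAN address (private, per the original post)

# 1. Loopback holding a routable public IP (as keny2b did for the IPsec tunnel)
config system interface
    edit "Loopback0"
        set vdom "root"
        set type loopback
        set ip 203.0.113.10 255.255.255.255
        set allowaccess ping
    next
end

# 2. Public overload pool referenced by the firewall policy for internal users
config firewall ippool
    edit "public-pool"
        set type overload
        set startip 203.0.113.20
        set endip 203.0.113.29
    next
end

# 3. Self-originated DNS queries are not SNATed by a firewall policy, so they
#    need an explicit public source (Toshi_Esumi's "source-ip" suggestion)
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    set source-ip 203.0.113.10
end

# 4. Verify from the FGT itself: first by IP, then by name
execute ping-options source 203.0.113.10
execute ping 8.8.8.8
execute ping google.com
execute traceroute-options source 203.0.113.10
execute traceroute 8.8.8.8

# 5. Confirm the SNAT the pool applies to a user's session, then generate
#    the user's traffic and read the trace before stopping it
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow show function-name enable
diagnose debug enable
diagnose debug flow trace start 10
diagnose debug flow trace stop
diagnose debug disable
```

If step 4 works by IP but not by name, the DNS source-ip (step 3) is the piece to check; if the trace in step 5 shows a source other than the pool range, the policy or ISP routing is the problem rather than the firewall's own DNS.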
