Dear All,
We have a network with many VLANs on the internal core network, and our FortiGate outside interface is connected to the ISP with WAN IP address 10.x.y.z, which is not publicly routable.
Our internal users get internet access through the dynamic IP pool configured on the edge UTM, but the edge UTM itself is not able to access the internet, and for that reason we couldn't activate our FortiGate for FortiCloud.
Please advise on the issue.
Regards
If you have configured the public (assuming) IP pool properly and confirmed the FGT is SNATing as you expect with "flow debug", it's a question for the ISP why they don't route those IPs to/from the internet through their network. It doesn't matter that the ISP's edge circuit uses a private subnet. Check a traceroute toward the internet sourced from those IPs and use it to troubleshoot with the ISP.
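The check the reply above describes, written out as an added example (not from the forum posters): a one-address overload IP pool, the flow debug session that confirms the FortiGate is SNATing LAN traffic to that pool address, and a traceroute sourced from the same address to hand to the ISP. The addresses are constructed for illustration: 203.0.113.10 stands in for the public pool IP, 192.168.10.25 for an internal host, and 10.x.y.z is the private WAN address from the question.

```fortios
# Example only: a public IP pool that SNATs everything to one address.
# 203.0.113.10 is a placeholder for the ISP-assigned public IP.
config firewall ippool
    edit "public-pool"
        set type overload
        set startip 203.0.113.10
        set endip 203.0.113.10
    next
end

# Confirm SNAT from the FGT CLI: filter on one internal host
# (192.168.10.25, placeholder) and one destination, trace 10 packets.
diagnose debug flow filter saddr 192.168.10.25
diagnose debug flow filter daddr 8.8.8.8
diagnose debug flow show function-name enable
diagnose debug flow trace start 10
diagnose debug enable
# Expected evidence in the trace is an "SNAT 192.168.10.25->203.0.113.10"
# entry on the outbound packet; if the SNAT line is missing, the policy
# or pool is the problem, not the ISP.

# Always tear the debug down afterwards on a production box.
diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear

# Traceroute from the pool address itself, not from 10.x.y.z, so the ISP
# can see where the public prefix stops being routed.
execute traceroute-options source 203.0.113.10
execute traceroute 8.8.8.8
```

If the SNAT line appears but the traceroute dies at the ISP's first hop, the ISP is not routing the assigned public prefix across its private edge circuit, which is the conversation the reply points to.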
After many trials I changed my source interface to the loopback interface that I use for the IPsec tunnel. Now I can trace Google (8.8.8.8) and other public IPs but not FQDNs; I tried to change and restart the DNS but was not successful.
Please advise
There seem to be multiple issues, but you should fix DNS first. Under "config system dns" you can specify "source-ip" to be used for DNS queries from the FGT itself. Try setting one of those public IPs, like the loopback IP.
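The DNS fix from the reply above, plus the same source-ip idea applied to FortiGuard/FortiCloud registration and a quick verification, as an added example not posted by the forum participants. 203.0.113.1 is a constructed placeholder for the loopback IP; the resolver addresses are an assumption and can be any reachable public or corporate resolver.

```fortios
# Weak state (what the original poster effectively had): no source-ip,
# so FGT-originated DNS queries leave from the private 10.x.y.z WAN
# address and never get an answer back.
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    unset source-ip
end

# Corrected: source FGT-originated DNS queries from the loopback,
# which is already known to reach the internet (it traces 8.8.8.8).
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    set source-ip 203.0.113.1
end

# Assumption: FortiCloud activation relies on FortiGuard connectivity,
# which has its own source-ip setting and needs the same treatment.
config system fortiguard
    set source-ip 203.0.113.1
end

# Verify: resolve and reach a name, sourced from the loopback.
execute ping-options source 203.0.113.1
execute ping fortiguard.com
# A reply shows both resolution and routing work from that address;
# "Unable to resolve hostname" means the DNS query or its return path
# is still broken, independently of IP reachability.
```

The separation matters for troubleshooting: the poster can already ping 8.8.8.8, so routing from the loopback is fine; only device-originated services that still default to the private WAN address (DNS, FortiGuard, logging) need an explicit source-ip.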
Copyright 2024 Fortinet, Inc. All Rights Reserved.