Dear All,
We have a network with many VLANs from the internal core network, and our Fortigate outside interface is connected to the ISP with WAN IP address 10.x.y.z, which is not publicly routable.
Our internal users are getting internet through the dynamic IP pool configured on the edge UTM, but the edge UTM itself is not able to access the internet, and for that reason we couldn't activate our Fortigate for FortiCloud.
Please advise on the issue.
Regards
If you have configured the public (assuming) IP pool properly and confirmed the FGT is SNATing as you expect by "flow debug", it's a question for the ISP why they don't route those IPs to/from the internet through them. It doesn't matter that the ISP's edge circuit has a private subnet. Check a traceroute toward the internet sourced from those IPs and use it to troubleshoot with the ISP.
After many trials I changed my source interface to the loopback interface which I've used for the IPsec tunnel. Now I can trace Google (8.8.8.8) and other public IPs but not FQDNs. I tried to change and restart the DNS but was not successful.
Please advise
There seem to be multiple issues, but you should fix DNS first. Under "config system dns" you can specify "source-ip" to be used for those DNS queries from the FGT itself. Try setting one of those public IPs, like the loopback IP.
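To make the suggestions in this thread concrete, here is an added FortiOS CLI walkthrough (not posted by either participant, and not taken from Fortinet documentation) that sets the DNS source IP as the reply above recommends and then verifies each hop of the path the thread has been troubleshooting. The loopback address 203.0.113.10, the DNS servers and the interface names are placeholders; substitute the public IP actually assigned to your loopback.

```fortios
# 1. Pin the FortiGate's own DNS queries to a routable source address.
#    Without source-ip, the FGT sources them from the egress interface,
#    which here is the non-routable 10.x.y.z WAN address (placeholder IPs).
config system dns
    set primary 8.8.8.8
    set secondary 8.8.4.4
    set source-ip 203.0.113.10
end

# 2. Confirm the change was taken.
show system dns

# 3. Test name resolution and reachability from that same source address.
#    ping resolves the FQDN through the FGT's own DNS settings, so a
#    "Unable to resolve hostname" error means DNS, not routing, is the problem.
execute ping-options source 203.0.113.10
execute ping www.fortinet.com

# 4. Trace sourced from the loopback IP, to hand to the ISP if it dies
#    beyond their edge (the reply above suggests exactly this evidence).
execute traceroute-options source 203.0.113.10
execute traceroute 8.8.8.8

# 5. Watch the SNAT decision for traffic leaving the FGT itself, to confirm
#    the packets really leave with a public source and not 10.x.y.z.
diagnose debug flow filter addr 8.8.8.8
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
execute ping 8.8.8.8
diagnose debug disable
diagnose debug reset
```

Read the flow trace for the outbound packet: if the source address shown after SNAT is still the 10.x.y.z WAN IP, the FGT's self-originated traffic is not using the IP pool or the loopback and the FortiCloud activation will keep failing regardless of DNS. If the trace shows the public address but the traceroute stops at the ISP edge, the point from the first reply applies and the ISP needs to route that prefix.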
Copyright 2023 Fortinet, Inc. All Rights Reserved.