Bovie2k
New Contributor

Fortinet From To Source Destination

OK, first, my firewall works as is, but I don't think it's set up right. My internal network is a /18 and the LAN is a /24 contained in that /18. I have the /18 set up as a static route on the LAN network, basically pointing the /18 route at the L3 Meraki switch I have behind the firewalls.

All the rules work as is today, BUT on inbound rules I have to leave To = any. I still set the From, Source and Destination. On outbound rules I'm able to set all 4: From, To, Source, Destination. If I set the To on the inbound rule, the rule doesn't work. Should my LAN interface be configured as a 255.255.192.0 instead of a 255.255.255.0?

 

Toshi_Esumi

What do you mean by ACL? Is it on Meraki? You never mentioned it in the original post.

 

Toshi

Bovie2k

Sorry, the Firewall Policy page under Policy & Objects. I just call it the ACL. I built a new Policy with new objects that it should hit, but it doesn't.

Toshi_Esumi

Are you determining that the traffic you generated didn't hit the policy by checking the matching traffic counter on the policy in the GUI? Eventually you have to run "flow debug" to see how the traffic is handled by the FGT. But the traffic needs to match the source and destination interfaces and destination subnet you configured.
How to do flow debug is described below at "step 4".

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

Toshi

Bovie2k
New Contributor

I spoke with Fortinet support today and figured this out. Kind of feel dumb. My management interface is on the same subnet as the computer I was trying to access. Because of that, it won't use the default route on the other LAN interface; it wants to talk to the computer from the interface it's contained on. Makes perfect sense.
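
The resolution in the last post above, modelled as an added example that is not part of the original thread and is not Fortinet code: a longest-prefix route lookup picks the egress interface, and a policy whose To names a different interface then never matches. All addresses and the interface names `wan1`, `lan` and `mgmt` are constructed assumptions.

```python
import ipaddress

# Constructed routing table (addresses and interface names are assumptions).
ROUTES = [
    ("0.0.0.0/0",    "wan1"),  # default route
    ("10.0.0.0/18",  "lan"),   # static route toward the L3 switch
    ("10.0.1.0/24",  "lan"),   # connected: LAN interface subnet
    ("10.0.20.0/24", "mgmt"),  # connected: management interface subnet
]

def egress_interface(dst, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in routes]
    matches = [(net, ifname) for net, ifname in nets if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def policy_matches(policy, in_if, src, dst, routes=ROUTES):
    """A policy matches only if From, To, Source and Destination all match."""
    out_if = egress_interface(dst, routes)
    return (policy["from"] in ("any", in_if)
            and policy["to"] in ("any", out_if)
            and ipaddress.ip_address(src) in ipaddress.ip_network(policy["src"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(policy["dst"]))

# Constructed inbound policies for a host that sits in the mgmt subnet.
INBOUND_TO_LAN = {"from": "wan1", "to": "lan",
                  "src": "0.0.0.0/0", "dst": "10.0.20.50/32"}
INBOUND_TO_ANY = dict(INBOUND_TO_LAN, to="any")

if __name__ == "__main__":
    pkt = ("wan1", "203.0.113.9", "10.0.20.50")
    print("egress for 10.0.20.50:", egress_interface("10.0.20.50"))
    print("To=lan matches:", policy_matches(INBOUND_TO_LAN, *pkt))
    print("To=any matches:", policy_matches(INBOUND_TO_ANY, *pkt))
```
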
