OK, first: my firewall works as is, but I don't think it's set up right. My internal network is a /18 and the LAN is a /24 contained in that /18. I have the /18 set up as a static route on the LAN network, basically pointing the /18 route at the L3 Meraki switch I have behind the firewalls.
All the rules work as is today, BUT on inbound rules I have to leave To = any. I still set the From, Source and Destination. On outbound rules I'm able to set all four: From, To, Source and Destination. If I set the To on the inbound rule, the rule doesn't work. Should my LAN interface be configured as a 255.255.192.0 instead of a 255.255.255.0?
What do you mean by ACL? Is it on the Meraki? You never mentioned it in the original post.
Toshi
Sorry, I mean the Firewall Policy page under Policy & Objects. I just call it the ACL. I built a new policy with new objects that it should hit, but it doesn't.
Are you determining that the traffic you generated didn't hit the policy by checking the matching-traffic counter on the policy in the GUI? Eventually you have to run "flow debug" to see how the traffic is handled by the FGT. But the traffic needs to match the source and destination interfaces and the destination subnet you configured.
How to do flow debug is below, at "step 4".
I spoke with Fortinet support today and figured this out. I kind of feel dumb. My management interface is on the same subnet as the computer I was trying to access; because of that, it won't use the default route on the other LAN interface, it wants to talk to the computer from the interface it's contained on. Makes perfect sense.
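The behaviour Toshi describes (a policy only matches when source interface, destination interface and addresses all line up) and the resolution in the final post (the destination interface is chosen by the route lookup, so a host on the management subnet is reached via the connected management interface even though a static /18 also covers it) can be modelled directly. The following is an added example, not code from this thread or from Fortinet: it implements the general longest-prefix-match lookup and a first-match policy check over a constructed routing table. The interface names (lan, mgmt, wan1), the 10.10.x.x addresses and the policy IDs are assumptions chosen to mirror the thread's layout.

```python
"""Route lookup and firewall-policy matching, modelled after the thread.

Added example, not code from the forum thread or from Fortinet. Interface
names, addresses and policy IDs are assumptions: a /24 LAN inside a /18
that is statically routed to an L3 switch, plus a management interface
whose own /24 contains the host being reached.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    interface: str   # egress interface
    kind: str        # "connected" or "static"


# Constructed routing table (assumed addresses, RFC 1918 space).
ROUTES = [
    Route(ip_network("10.10.1.0/24"), "lan", "connected"),   # LAN interface
    Route(ip_network("10.10.5.0/24"), "mgmt", "connected"),  # management interface
    Route(ip_network("10.10.0.0/18"), "lan", "static"),      # /18 via the L3 switch, out LAN
    Route(ip_network("0.0.0.0/0"), "wan1", "static"),        # default route
]


def lookup(dst: str, routes=ROUTES) -> Route:
    """Longest-prefix match: the most specific route wins, even when a
    less specific static route (the /18 here) also covers the destination."""
    candidates = [r for r in routes if ip_address(dst) in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen)


@dataclass(frozen=True)
class Policy:
    policy_id: int
    srcintf: str          # "any" matches every interface
    dstintf: str          # "any" matches every interface
    srcaddr: IPv4Network
    dstaddr: IPv4Network


ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.10.0.0/18")

# Assumed inbound policies; only the destination interface ("To") differs.
INBOUND_TO_LAN = Policy(1, "wan1", "lan", ANY, INTERNAL)
INBOUND_TO_ANY = Policy(2, "wan1", "any", ANY, INTERNAL)
INBOUND_TO_MGMT = Policy(3, "wan1", "mgmt", ANY, INTERNAL)


def match_policy(policies, srcintf: str, src: str, dst: str, routes=ROUTES):
    """Return the ID of the first policy the packet matches, or None if it
    would fall through to the implicit deny. The destination interface is
    taken from the route lookup, not from what the admin expected."""
    dstintf = lookup(dst, routes).interface
    for p in policies:
        if p.srcintf not in ("any", srcintf):
            continue
        if p.dstintf not in ("any", dstintf):
            continue
        if ip_address(src) not in p.srcaddr:
            continue
        if ip_address(dst) not in p.dstaddr:
            continue
        return p.policy_id
    return None


if __name__ == "__main__":
    remote = "203.0.113.10"            # assumed external source
    for host in ("10.10.5.20", "10.10.20.7"):
        r = lookup(host)
        print(f"{host}: egress {r.interface} via {r.kind} {r.prefix}")
        for pol in (INBOUND_TO_LAN, INBOUND_TO_ANY, INBOUND_TO_MGMT):
            hit = match_policy([pol], "wan1", remote, host)
            print(f"  policy To={pol.dstintf:<4} -> {'hit ' + str(hit) if hit else 'no match'}")
```

Running it shows 10.10.5.20 egressing on mgmt through the connected /24 (so a policy with To=lan never matches it, while To=any or To=mgmt does), whereas 10.10.20.7 egresses on lan through the static /18 and matches To=lan. On the FortiGate itself the same two facts come from `get router info routing-table details <ip>` (which route wins) and `diagnose debug flow` (which policy, if any, the session hits).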
Copyright 2024 Fortinet, Inc. All Rights Reserved.