Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Autumn 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiConnect
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- How to allow address groups to communicate
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to allow address groups to communicate
Hi all. I'm in a pickle. My network guy just left and I have a situation where I have 2 subnets that I need to comunicate with one another. I am not a network guy and Fortigate is very hard for me to understand. I really need someone to explain to me, like I'm 5, how to get these subnets to communicate. For some unknown reason one of the subnets is a /32 and only contains the IP of a domain controller. The client devices are all grabbing IP addresses on a totally different subnet, so my client is unable to join their new PC's to the domain.
I've tried reading all the documentation and watching videos but it's all Greek to me. Address groups and interfaces and VLAN's oh my. If anyone out there is willing to assist me with understanding what I'm doing here I would be forever grateful. Thanks.
Labels:
- Labels:
-
FortiGate
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If possible share a network topology and firewall config (if you have no security concern)
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/702257/configuration-backups
Mrinmoy Purkayastha
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, Can you please explain to us from which network you are trying to communicate? Just share your network topology here so that we can understand properly and assist you better.
you need a firewall policy to allow communication between two networks. Please refer to this article.:- https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-sd-branch-deployment-guide/198932/allowing...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi There,
Let me try another approach since any further use of network jargon may complicate things.
What I understood so far is that you want the two subnets to communicate where one has/32 subnets assigned to a domain controller.
Imagine your Fortigate as a house and you can relate the subnets as different rooms. Now for anyone to move from one room to another, one need to pass through the doors. These doors are the route(inside the routing table) that allows one to move from one room to another. If anyone wants to go from room 1 to room 2, one need to go through the specific doors.
Likewise, if anyone want to go from room 1 to room 3, one cannot use the room 2 door but have to use the door specific to 1 and 3. So routes are cleared in terms of doors. Specific routes(door) allow specific subnets(rooms) to communicate with each other. This means that, for your problem, we have to check whether the door is there or not or it's just a room with no door at all(weird I know) Hence we have to verify the routing as one of the checks.
Secondly, firewalls also have firewall policies that allow any connection from one subnet to another. Consider this firewall policy as a security guard standing in front of the door. So, even if you have the door if the security guard does not have your name on his permit list, you won't be able to pass just yet. Hence we have to check the firewall policy as well in your case.
For example, if one of the subnets is 192.168.1.1/24 (don't stress too much /xx at this stage) and wants to reach 10.10.10.1/32, then we can try to ping(as good as say "hello") from 192 to 10 and will run some test at the FortiGate. Please follow the below steps:
Step 1:
-------
Go to the PC, and press the window+R at the same time. A small window will open, type cmd and click ok. A black window will open. For example, if the domain controller IP address is 10.10.10.1 then in this black window, type ping 10.10.10.1 -t and keep this running.
Step 2:
-------
Now login to your FortiGate CLI type the sniffer command and hit enter. You will see some outputs After 3-4 min, press ctrl+c in the FortiGate CLI window(where you run the sniffer command) and this should stop the commands outputs. After that run the command "get router info routing-table all" and hit enter. You will get some outputs. Now, navigate to the top right corner of the black window in the FortiGate CLI page and click the down arrow and this should download a file to your download folder. FYI, refer to the attached photos to assist you with each section of "ping", "sniffer", "route table" and "log file".
Please share this file here so that we can check this further. We aim to verify things one by one so as not to overwhelm the situation.
Thanks
Atul Srivastava
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Fortigate VM Double NAT issue in... 140 Views
- FortiManager unset mode config for dynamic... 199 Views
- VPNSSL Split tunneling using internet services 213 Views
- Static route with address from global... 224 Views
Labels
-
FortiGate
8,110 -
FortiClient
1,629 -
5.2
801 -
FortiManager
683 -
5.4
639 -
FortiAnalyzer
519 -
FortiAP
430 -
FortiSwitch
429 -
6.0
416 -
FortiClient EMS
366 -
5.6
362 -
FortiMail
302 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
189 -
SSL-VPN
181 -
FortiNAC
164 -
IPsec
155 -
6.4
128 -
FortiGuard
126 -
FortiGateCloud
98 -
FortiSIEM
94 -
FortiCloud Products
94 -
SD-WAN
91 -
FortiToken
86 -
Customer Service
75 -
Wireless Controller
75 -
FortiAuthenticator
72 -
4.0MR3
64 -
Firewall policy
59 -
FortiProxy
53 -
Fortivoice
50 -
FortiEDR
50 -
FortiADC
49 -
FortiExtender
43 -
VLAN
42 -
High Availability
42 -
FortiDNS
41 -
FortiSandbox
39 -
ZTNA
37 -
FortiGate v5.4
35 -
Routing
35 -
DNS
34 -
LDAP
34 -
FortiSwitch v6.4
33 -
BGP
32 -
SAML
31 -
Interface
31 -
Certificate
30 -
SSO
27 -
NAT
27 -
FortiConnect
26 -
FortiConverter
25 -
Authentication
25 -
FortiWAN
24 -
RADIUS
24 -
VDOM
24 -
FortiLink
24 -
FortiGate v5.2
23 -
Application control
21 -
Web profile
21 -
Virtual IP
20 -
Fortigate Cloud
19 -
FortiSwitch v6.2
18 -
FortiPortal
18 -
Logging
18 -
Traffic shaping
17 -
FortiPAM
17 -
FortiMonitor
16 -
FortiDDoS
15 -
SSL SSH inspection
15 -
FortiGate v5.0
14 -
OSPF
13 -
FortiCASB
12 -
SSID
12 -
Admin
12 -
IP address management - IPAM
12 -
FortiManager v5.0
11 -
Automation
11 -
Static route
11 -
WAN optimization
11 -
Web application firewall profile
11 -
FortiSOAR
10 -
FortiRecorder
10 -
SNMP
10 -
System settings
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiManager v4.0
9 -
FortiWeb v5.0
9 -
FortiAP profile
9 -
FortiBridge
8 -
RMA Information and Announcements
8 -
IPS signature
8 -
Proxy policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
Security profile
7 -
Traffic shaping policy
7 -
Port policy
7 -
FortiCache
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Fabric connector
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiDeceptor
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Antivirus profile
4 -
Traffic shaping profile
4 -
Application signature
4 -
DLP sensor
4 -
Email filter profile
4 -
Netflow
4 -
Web rating
4 -
FortiDB
3 -
FortiHypervisor
3 -
Explicit proxy
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Replacement messages
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
API
2 -
FortiNDR
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
Schedule
2 -
Service
2 -
Zone
2 -
Cloud Management Security
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1531 | |
| 1028 | |
| 749 | |
| 443 | |
| 209 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.