Hi there,
We use an FG-60D. All ports are already configured as interfaces.
We want to make 1 port able to connect to multiple other ports.
incoming port: Port_A
10.10.10.X, gateway: 10.10.10.1
other ports:
Port_B: 192.168.10.X, gateway 192.168.10.1
and WAN
I want:
On Port_A, traffic with destination 192.168.10.10 and 192.168.10.11 will be redirected to Port_B and connect to 192.168.10.10 or 192.168.10.11. Each destination has a different service.
For other destinations, it will connect to the Internet over WAN.
I have configured:
- IP Policy, Port_A to Port_B; with destination 192.168.10.10 and 192.168.10.11 (each destination has its policy)
- IP Policy, Port_B to Port_A, with destination to all IP range on port_A and all services.
- IP Policy, Port_A to WAN, source IP is Ip Range on Port_A, destination to all
- Policy Route:
Any port, Port_A with outgoing 192.168.10.10, 192.168.10.11 forward to Port_B
Any port, Port_A with outgoing all forward to WAN
Am I missing something? Port_A can't connect to the internet, nor to Port_B.
Please help. Thank you.
Update on progress:
Now the problem is that Port_A can't connect to the internet.
The rest is already done.
Please help.
You're probably missing the basic routing concept. Based on what you explained, routes and policies should take care of the traffic you described. If the default route is going toward WAN, that's all you need for routing. 10.10.10.0/24 and 192.168.10.0/24 are both directly connected routes. You seem to have all the policies necessary. No need for PBRs.
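The reply above, worked through as an added example (not part of the thread and not FortiOS code): a simplified model of longest-prefix route lookup followed by first-match policy lookup, using the thread's subnets. The host 10.10.10.50, the destination 8.8.8.8, the policy names, the per-destination services and the NAT flags on the internal policies are assumptions made for illustration.

```python
import ipaddress

# Constructed model of the thread's setup; the WAN next hop is not modelled.
ROUTES = [  # (prefix, outgoing interface, kind)
    ("10.10.10.0/24", "Port_A", "connected"),
    ("192.168.10.0/24", "Port_B", "connected"),
    ("0.0.0.0/0", "WAN", "static default"),
]

# Policies are checked top-down; first match wins. Names and services are assumed.
POLICIES = [  # (name, src_intf, dst_intf, src_net, dst_net, services, nat)
    ("A-to-B-host10", "Port_A", "Port_B", "10.10.10.0/24", "192.168.10.10/32", {"HTTPS"}, False),
    ("A-to-B-host11", "Port_A", "Port_B", "10.10.10.0/24", "192.168.10.11/32", {"SSH"}, False),
    ("B-to-A", "Port_B", "Port_A", "192.168.10.0/24", "10.10.10.0/24", {"ALL"}, False),
    ("A-to-WAN", "Port_A", "WAN", "10.10.10.0/24", "0.0.0.0/0", {"ALL"}, True),
]

def route_lookup(dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), intf) for p, intf, _ in ROUTES
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(src_intf, src, dst, service):
    """Return (egress interface, matching policy, NAT flag) or an implicit deny."""
    egress = route_lookup(dst)  # routing decides the egress interface first
    for name, s_if, d_if, s_net, d_net, services, nat in POLICIES:
        if (s_if == src_intf and d_if == egress
                and ipaddress.ip_address(src) in ipaddress.ip_network(s_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(d_net)
                and ("ALL" in services or service in services)):
            return egress, name, nat
    return egress, "implicit-deny", False  # no policy matched this flow

if __name__ == "__main__":
    for case in [("Port_A", "10.10.10.50", "192.168.10.10", "HTTPS"),
                 ("Port_A", "10.10.10.50", "192.168.10.11", "HTTPS"),
                 ("Port_A", "10.10.10.50", "8.8.8.8", "DNS")]:
        print(case, "->", forward(*case))
```

The connected routes send 192.168.10.x traffic to Port_B and the default route sends everything else to WAN without any policy route; the second case falls to the implicit deny only because the assumed service on that policy does not match.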
Hi Toshi,
Thanks for reminding me.
I still can't figure out why 10.10.10.0/24 (Port_A) can't connect to the internet.
What other configuration do I need?
Thanks in advance.
First, make sure you have NAT turned on on the policy Port_A to WAN you mentioned originally. Then run "diag sniffer packet" and "diag debug flow" to see where it's going and why it doesn't go or drops.
Hi, NAT is turned on for all policies for these communications. Anyway, I will check. I'm out of the office this week. Thanks anyway.
Hello,
All is working now.
Many thanks for the help.