papapuff
New Contributor II

How to make one interface connect to 2 interfaces

hi there,

we use FG-60D. all ports already configured as interface.

we want to make 1 port able to connect to multiple other ports.

incoming port: Port_A

10.10.10.X, gateway: 10.10.10.1

other ports:

Port_B: 192.168.10.X, gateway 192.168.10.1

and WAN

 

I want:

on Port_A, destination to 192.168.10.10 and 192.168.10.11, will redirect to Port_B, and connect to 192.168.10.10 or 192.168.10.11. each destination has different service.

for other destination, will connect to Internet over WAN

 

I have configured:

- IP Policy, Port_A to Port_B; with destination 192.168.10.10 and 192.168.10.11 (each destination has its policy)

- IP Policy, Port_B to Port_A, with destination to all IP range on port_A and all services.

- IP Policy, Port_A to WAN, source IP is Ip Range on Port_A, destination to all

- Policy Route:

Any port, Port_A with outgoing 192.168.10.10, 192.168.10.11 forward to port_B 

any port, Port_A with outgoing all forward to WAN

 

Am I missing something? Port_A can't connect to internet, nor to port_B

 

please help. thank you

papapuff
New Contributor II

update progress,

now the problem is, Port_A can't connect to internet.

the rest already done.

 

please help

Toshi_Esumi
Esteemed Contributor III

You're probably missing the basic routing concept. Based on what you explained, routes & policies should take care of traffic you described. If the default route is going toward WAN, that's all you need for routing. 10.10.10.0/24 and 192.168.10.0/24 are both directly connected routes. You seem to have all policies necessary. No need for PBRs.

papapuff

hi Toshi,

thanks for reminding me.

 

still I can't figure out why 10.10.10.0/24 (port_A) can't connect to internet.

 

what other configuration I need?

 

thanks in advance

Toshi_Esumi
Esteemed Contributor III

First, make sure you have NAT turned on on the policy Port_A to WAN you mentioned originally. Then run "diag sniffer packet" and "diag debug flow" to see where it's going and why it doesn't go or drops.
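
The checks suggested in the reply above, written out as a FortiOS CLI session. This is an added example, not part of the original thread: Port_A and WAN stand for the real interface names, and 10.10.10.50 is a constructed test host on Port_A's subnet.

```fortios
# 1. Routing: expect 10.10.10.0/24 and 192.168.10.0/24 listed as connected,
#    plus a static default route (0.0.0.0/0) pointing out of WAN.
get router info routing-table all

# 2. Policy: find the Port_A -> WAN policy and confirm it contains
#    "set nat enable" (without source NAT, the 10.10.10.x private
#    source address leaves WAN untranslated and replies never return).
show firewall policy

# 3. Sniffer: start a ping to an internet address from 10.10.10.50, then
#    watch where the packets appear. Verbosity 4 prints the interface name
#    per packet; the trailing 20 stops the capture after 20 packets.
#    Seen on Port_A "in" but never on WAN "out": dropped inside the unit.
#    Seen on WAN "out" with source still 10.10.10.50: NAT is not applied.
diagnose sniffer packet any 'host 10.10.10.50 and icmp' 4 20

# 4. Debug flow: trace the forwarding decision for the same host.
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 10.10.10.50
diagnose debug flow trace start 20
diagnose debug enable

#    Repeat the ping and read the trace:
#    - the route lookup line shows which interface was selected
#      (a leftover policy route can override the routing table here)
#    - "Denied by forward policy check" means no policy matched the
#      source interface, destination interface, address and service
#    - "reverse path check fail, drop" means there is no route back to
#      the source through the interface the packet arrived on

# 5. Always switch debugging off afterwards.
diagnose debug disable
diagnose debug flow filter clear
diagnose debug reset
```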

papapuff

hi, all policy for these communication, NAT turned on. anyway, will check. I'm out of office this week. thanks anyway

papapuff
New Contributor II

hello

all now working..

many thanks for help
