Hello my fortigate 60E version 7.0.5
I started to get cloud service and I will use the SAP program.
Cloud system has WATCHGUARD firewall
I'm doing IPSEC tunnel>Custom in Fortigate interface, phase 1 is connected-phase 2 seems to be connected, but I can't ping SAP servers
SAP server on cloud side pinging my side
My policy rules look good
Static Route part is also correct but I cannot access SAP servers from Local network
Can you help me.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
As I understand, the tunnel is up and you have issue in pinging from your local network towards SAP servers on remote end.
A sniffer would quickly help identify if traffic is allowed from local network towards remote end through the VPN tunnel.
#diag sniffer packet any 'host <sap server IP address> and icmp' 4
Once traffic is confirmed to be send through tunnel, we should be able to check on the remote end if they are received and whether policies are in place to allow this icmp traffic towards SAP servers. And if so, you may also check if SAP servers have any endpoint protection/firewall which needs to allow icmp traffic.
Best regards,
Jin
# diagnose sniffer packet any '! host 82.***.8*.114' icmp 4
interfaces=[any]
filters=[! host 82.***.8*.114]
0.272509 192.168.1.110.51778 -> 82.***.132.3.110: ack 3579408031
0.272534 85.***.3.57.**778 -> 82.***.132.3.110: ack 3579408031
0.272541 pppoe printer hasn't been added to sniffer
0.272553 pppoe printer hasn't been added to sniffer
this is the result
Thanks, but I do not see any icmp packets send from 192.168.1.110.
#diag sniff packet any 'host 192.168.1.110 and icmp' 4
We must be able to see the incoming interface, and outgoing vpn interface in the sniffer to confirm the packets have been send to the other end.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.