I can't access the internet from my PC, which is in the same subnet as the LAN port.
Firewall policies are created: (LAN-WAN) dst LAN port address / src all, and (WAN-LAN).
Hello BKR
You can start by enabling all traffic logging on the related policy, then check in traffic log if your traffic is being allowed or blocked.
Hi
Please provide the below information:
CLI 1:
# diagnose debug flow filter addr x.x.x.x <------- Destination address
# diagnose debug flow show function-name enable
# diagnose debug flow show iprope enable
# diagnose debug flow trace start 100
# diagnose debug enable
Initiate a ping from the PC to the Internet (e.g. 8.8.8.8)
# diagnose debug disable <------------ Run this command to disable debug
CLI 2:
# diagnose sniffer packet any "host <destination IP>" 4 0 1
Hi,
Please check in the logs whether you see any log for your PC IP.
Please check the firewall policy to see if you have correctly configured it. https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/656084/firewall-policy
Are you using SD-WAN?
Please share the debug flow logs here.
Hi, also try doing a pcap on the LAN interface, filtering for that source IP, to see if you are seeing any traffic coming in on the FortiGate. Try a ping to the LAN interface IP as well to see if it is able to communicate with the LAN, and try a ping from the FortiGate to that device as well to see if it is connecting from the FortiGate. If the device is Windows, make sure to disable the firewall on that PC before trying to ping it.
Copyright 2024 Fortinet, Inc. All Rights Reserved.