Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BKR
New Contributor II

Created on ‎10-13-2024 02:50 AM

Issue with VLANs created on Fortigate firewall can't communicate with subnets on switch

First my environment is on Huawei cloud, I have fortigate FW connected to VPC1, and VPC2 connected VPC1.

VPC's subnets:
VPC1: 10.0.0.0/16
VPV2: 10.1.0.0/16

I have created VLANs on firewall that matches each subnet on VPC2, for example I have a server connected to VPC2 with IP address 10.1.1.100, so in firewall under my LAN interface I created VLAN interface with subnet 10.1.1.0/24

static routes have been created on Huawei from VPC1 to VPC2, and vise versa.
static routes have been created on Firewall to communicate with VPC2 through VPC1.

With my current configuration:

  • I have access to server connected to VPC1 through VPN, but not to VPC2 server (note that I only have access to VPC2 servers using VPC1 server).

  • I don't have ping to servers on VPC2 from firewall.

  • I can access FW from VPC1 and VPC2.

  • Both VPCs have access to internet (traffic is passing through firewall)

Screenshot 2024-10-10 005337.png

What do I need to let the VLANs communicate with the subnets on the switch?

168
0 Kudos
1 Solution
AEK
SuperUser
SuperUser

Created on ‎10-13-2024 05:24 AM

If there is a router between FGT and VPC2 10.1.0.0/16, the why did you create a VLAN on FGT with subnet 10.1.0.0/16? In such case FGT will not use the router to reach your VPC2, but for FGT the subnet is directly connected.

AEK

View solution in original post

AEK
121
3 REPLIES 3
AEK
SuperUser
SuperUser

Created on ‎10-13-2024 05:24 AM

If there is a router between FGT and VPC2 10.1.0.0/16, the why did you create a VLAN on FGT with subnet 10.1.0.0/16? In such case FGT will not use the router to reach your VPC2, but for FGT the subnet is directly connected.

AEK
AEK
122
BKR
New Contributor II
In response to AEK

Created on ‎10-14-2024 12:29 AM

Yes you are absolutely right! .. I fixed it

45
ebilcari
Staff
Staff

Created on ‎10-13-2024 06:46 AM

I think you need to create a better network diagram (physical or logical) and specify if the subnets are reached through routing (next hops) or the VLANs (L2 broadcast networks) can be spanned through the VPC like they are done in a physical switch. How is the link between VPCs and FGT-VPC1 working, is it a point to point routed interfaces or like a trunk with multiple tagged VLANs?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
104
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.