First, my environment is on Huawei Cloud. I have a FortiGate FW connected to VPC1, and VPC2 is connected to VPC1.
VPC subnets:
VPC1: 10.0.0.0/16
VPC2: 10.1.0.0/16
I have created VLANs on the firewall that match each subnet on VPC2. For example, I have a server connected to VPC2 with IP address 10.1.1.100, so on the firewall, under my LAN interface, I created a VLAN interface with subnet 10.1.1.0/24.
Static routes have been created on Huawei from VPC1 to VPC2, and vice versa.
Static routes have been created on the firewall to communicate with VPC2 through VPC1.
With my current configuration:
I have access to the server connected to VPC1 through VPN, but not to the VPC2 server (note that I only have access to VPC2 servers using the VPC1 server).
I cannot ping servers on VPC2 from the firewall.
I can access FW from VPC1 and VPC2.
Both VPCs have access to the internet (traffic is passing through the firewall).
What do I need to let the VLANs communicate with the subnets on the switch?
If there is a router between FGT and VPC2 10.1.0.0/16, then why did you create a VLAN on FGT with subnet 10.1.0.0/16? In such a case FGT will not use the router to reach your VPC2, because for FGT the subnet is directly connected.
Yes, you are absolutely right! I fixed it.
I think you need to create a better network diagram (physical or logical) and specify whether the subnets are reached through routing (next hops) or whether the VLANs (L2 broadcast networks) can be spanned through the VPC as they are in a physical switch. How is the link between the VPCs and FGT-VPC1 working: is it point-to-point routed interfaces, or like a trunk with multiple tagged VLANs?
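The accepted answer's point (a VLAN interface addressed inside VPC2 makes that subnet "directly connected", so the static route via VPC1 is never used) can be checked mechanically. The following is an added example, not from the thread or from Fortinet: a simplified route-selection model in Python, where the next-hop address, interface names and the `lan` subnet are constructed assumptions.

```python
import ipaddress

# Constructed table modelled on the thread. The next hop 10.0.0.1, the
# interface names and the lan subnet are assumptions, not from the post.
ROUTES = [
    {"dst": "10.1.0.0/16", "type": "static", "via": "10.0.0.1", "dev": "lan"},
    {"dst": "10.0.0.0/24", "type": "connected", "via": None, "dev": "lan"},
    {"dst": "10.1.1.0/24", "type": "connected", "via": None, "dev": "vlan101"},
]


def lookup(routes, ip):
    """Simplified selection: longest prefix wins; on a tie, connected
    beats static (connected routes have the lower administrative distance)."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in ipaddress.ip_network(r["dst"])]
    return max(
        matches,
        key=lambda r: (ipaddress.ip_network(r["dst"]).prefixlen,
                       r["type"] == "connected"),
        default=None,
    )


def shadowed_static_routes(routes):
    """Find connected subnets that sit inside (or equal) a static route's
    destination, so traffic for them never reaches the static next hop."""
    findings = []
    for s in (r for r in routes if r["type"] == "static"):
        s_net = ipaddress.ip_network(s["dst"])
        for c in (r for r in routes if r["type"] == "connected"):
            c_net = ipaddress.ip_network(c["dst"])
            if c_net.subnet_of(s_net):
                findings.append((s["dst"], c["dst"], c["dev"]))
    return findings


if __name__ == "__main__":
    # With the VLAN interface present, 10.1.1.100 is treated as on-link.
    print("before:", lookup(ROUTES, "10.1.1.100"))
    print("shadowed:", shadowed_static_routes(ROUTES))
    # Removing the VLAN interface lets the static route via VPC1 take over.
    fixed = [r for r in ROUTES if r["dev"] != "vlan101"]
    print("after:", lookup(fixed, "10.1.1.100"))
```
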