NAT Internal Traffic
Dear All,
Can someone tell me why, for internal traffic, we need to enable NAT in the policies?
For example:
I have the following networks: 192.168.1.0/24 on VLAN x and 10.64.28.0/24 on VLAN y. Both VLANs use the firewall as their gateway, and a sub-interface is configured on a trunk to allow both VLANs. The problem is that if I do not enable NAT on the policies, the two subnets cannot communicate.
Thanks
Is the FortiGate the default gateway for both VLANs? You said "firewall", but do you mean the FortiGate?
Hi,
Thank you for your reply. Yes, the Fortinet is used as the gateway for both VLANs.
Hi All,
Can anyone suggest what the problem could be?
Thanks
Silver wrote: "[...] a sub interface configured with trunk to allow both vlan's."
I do not get this part.
There should be 2 VLAN sub-interfaces acting as gateways for the two VLANs, and those 2 should behave like normal interfaces. Where does the trunk come in?
Hello,
Does it happen with the complete subnet, or are only specific hosts tested?
- This looks to be more of an AV/firewall issue on the end user, or there could be another L3 device which allows traffic only from the subnet it is connected to.
Worth checking that part.
Also, run debug flow or a simple sniffer command to see whether the traffic exits the FortiGate on the egress VLAN or not.
Hi Vjoshi,
Thank you for your reply. This happens only with specific hosts, not the whole subnet, but the client did not enable the firewall or AV.
Thanks
I see only ARP requests when I ran the packet sniffer.
Did someone find out what the problem was?
I'm having the same problem.
New setup with 3 interfaces only: WAN, Users, SRV.
Users are not able to get DNS queries through to the SRV subnet/interface without NAT enabled.
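Added example (editor's note, not from any poster in this thread): a FortiOS configuration and the checks that go with it, covering the two-VLAN setup in the original post, the sniffer / debug flow check suggested earlier, and the Users/SRV DNS case in the last post. Interface names, the trunk port, VLAN IDs and the two host addresses are assumed; the subnets are the ones from the original post. In a policy between two interfaces that the FortiGate itself routes between, NAT should normally stay off. If traffic only works with NAT on, the FortiGate is almost always routing correctly and it is the reply that is missing: the destination host has no route back to the other subnet (its default gateway is not the FortiGate) or a host firewall only accepts traffic from its own subnet. Source NAT to the FortiGate's VLAN address hides that, because the reply then goes to an on-link address, and it also hides the real client IP from the server's logs and from any IP-based access control on it. The sniffer and debug flow commands below show where the packet actually stops.

```text
# Added example (editor's, not from the thread). Interface names, the trunk
# port, VLAN IDs and the host addresses 192.168.1.10 / 10.64.28.10 are assumed;
# the subnets are the ones from the original post.
config system interface
    edit "vlan_x"
        set vdom "root"
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping
        set interface "port2"
        set vlanid 10
    next
    edit "vlan_y"
        set vdom "root"
        set ip 10.64.28.1 255.255.255.0
        set allowaccess ping
        set interface "port2"
        set vlanid 20
    next
end

# Inter-VLAN policies in both directions with NAT off. Hosts keep their real
# source IP, so logs on the far side show who actually connected. For the
# Users/SRV DNS case, narrow "service" to "DNS" on the Users-to-SRV policy.
config firewall policy
    edit 10
        set name "vlan_x-to-vlan_y"
        set srcintf "vlan_x"
        set dstintf "vlan_y"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
    edit 11
        set name "vlan_y-to-vlan_x"
        set srcintf "vlan_y"
        set dstintf "vlan_x"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
end

# Check 1: does the packet leave on the egress VLAN? Verbose level 4 prints
# the interface name per packet; "any" captures both VLAN sub-interfaces.
# Expected: the request seen "in" on vlan_x and "out" on vlan_y, then the
# reply "in" on vlan_y. A request that goes out with no reply coming back
# points at the host (default gateway or host firewall), not at the policy.
diagnose sniffer packet any 'host 192.168.1.10 and host 10.64.28.10' 4 0 l

# Check 2: which policy matched, and whether the packet was routed or dropped.
diagnose debug reset
diagnose debug flow filter saddr 192.168.1.10
diagnose debug flow filter daddr 10.64.28.10
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
# ... generate traffic from 192.168.1.10 to 10.64.28.10, then:
diagnose debug flow trace stop
diagnose debug disable
```

Reading the sniffer output: if the request leaves on the egress VLAN and no reply comes back, check the destination host's default gateway and host firewall before touching the policy. If the FortiGate only sends ARP requests for the destination and never sees an ARP reply, the host is not reachable on that VLAN at all (wrong VLAN tag on the trunk, or the host sits in a different VLAN), which is a switch/trunk problem rather than a policy one. The debug flow trace names the matching policy ID, so a "no matching policy" or "denied by forward policy check" line means the policy pair above is not what is actually being hit.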