Dear All,
Can someone tell me why for internal traffic do we need to enable nat in the policies.
Like example;
I have the following network 192.168.1.0/24 on vlan x and network 10.64.28.0/24 on vlan y. Both vlan's are using firewall as gateway and a sub interface configured with trunk to allow both vlan's. The problem if i do not enable nat on the policies both subnet cannot communicate.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Is the FortiGate the default gateway for both VLANs? You said "firewall" but do you mean the FortiGate?
Hi,
Thank you for your reply. Yes Fortinet is using as gateway for both vlan's
Hi All,
Anyone can suggest what could be the problem.
Thanks
Silver wrote:i do not get this part:Dear All,
Can someone tell me why for internal traffic do we need to enable nat in the policies.
Like example;
I have the following network 192.168.1.0/24 on vlan x and network 10.64.28.0/24 on vlan y. Both vlan's are using firewall as gateway and a sub interface configured with trunk to allow both vlan's. The problem if i do not enable nat on the policies both subnet cannot communicate.
Thanks
sub interface configured with trunk to allow both vlan's.
There should 2 vlan subinterfaces acting as gw for both the vlans and those 2 should behave like normal interfaces. Where does the trunk come in?
Hello,
Does it happen with complete subnet or only specific hosts are tested?
- This looks to be more of a AV/Firewall on the end user or can be another L3 device which allows traffic only from the subnet it is connected to
Worth checking that part
Silver wrote:Dear All,
Can someone tell me why for internal traffic do we need to enable nat in the policies.
Like example;
I have the following network 192.168.1.0/24 on vlan x and network 10.64.28.0/24 on vlan y. Both vlan's are using firewall as gateway and a sub interface configured with trunk to allow both vlan's. The problem if i do not enable nat on the policies both subnet cannot communicate.
Thanks
Also, run debug flow or a simple sniffer command to see if the traffic exits the Fortigate on the egress VLAN or not.
Hi Vjoshi,
Thank you for your reply. This happen only with specific host but not the whole subnet. but the client did not enable the firewall or av
Thanks
i see only arp request when i did an sniffer packet
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.