Good afternoon!
I am a networking rookie currently working with a Fortigate 80F, and am trying to understand how NAT works. I have two computers connected to the router with static IP addresses of 192.168.1.1 (PC1) and 192.168.1.101 (PC2). I am looking to set something basic up in which I can ping a virtual IP address (let's say 192.168.50.1) on PC1, and this will translate to PC2's IP address and get a reply back from PC2. I set up a Virtual IP to do this on PC1, and still have all interfaces on the hardware switch. I didn't get any response from the ping. I also added an IPv4 policy to allow traffic from the internal switch through that pings the VIP, but this also didn't work. Am I missing something here? I'm confused as to why this isn't working. I would really appreciate any insights anyone can provide!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You should try two PCs on two different interfaces. I don't know if an 80F has hard-switch like "internal" to combine all LAN ports. But if so, you should break them into individual ports like internal1 and internal2. Then assign different subnets to each interface and connect a PC to one port.
So that it's easy to understand what is external interface what is internal in terms of VIP, which is described at cookbooks and other documents.
Thanks for your response! Which subnet mask would need to be expanded in this case? The subnet of the internal3 and internal4 ports, or the subnet mask of the PCs themselves? Sorry for such novice questions, I am very new to networking. I really appreciate your help!
If your subnet is 255.255.255.0 (24 bit), then the first three octets of all devices in the subnet have to match.
192.168.1.x, 192.168.2.x, etc.
(192.168.2.0/24 and 192.168.3.0/24 respectively)
A device on internal3 would need to have 192.168.2.x, and internal4 would need to have 192.168.4.x. Default gateways would be the Fortigate IP address for each interface.
Please look into a rudimentary online networking tutorial. It will help you loads going forward if you plan on pursuing this as a career.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1516 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.