Hello
I'm using a FortiGate on AWS to secure my EC2s' traffic outgoing to the internet.
I'm facing a little issue I don't understand.
I've got a LAN interface and a WAN.
I created a policy (NAT) to forward traffic from LAN to WAN for internet access.
This is going well for almost all EC2s, except some for which the firewall is blocking traffic.
When I do a packet filter, we can see the traffic arriving from the LAN interface as source, and the firewall looks to forward it to the same interface (LAN) instead of the WAN as required by the NAT.
Why?
Another machine in the same subnet as my first EC2 can reach the internet, but not all of them.
The firewall drops the packets because LAN to LAN (to reach the internet) is not permitted; this is normal.
It should NAT the traffic to the WAN.
Hi Team,
Can you execute these commands in the non-working scenario? We will understand the flow:
diag debug reset
diag debug flow filter clear
diag debug flow filter addr <dst-ip>
diag debug flow filter proto 1
diag debug flow show function-name enable
diag debug flow trace start 10000
diag debug enable
Once you get the debug, you can disable the debug using this command:
diag debug disable
Please share the debug with us.
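The debug flow output those commands produce is what shows whether the route lookup picked the WAN or sent the packet back out the LAN interface. As an added example (not part of the thread, and not a Fortinet tool), here is a small Python parser that reads FortiGate debug flow lines, pairs the "received a packet ... from <iface>" line with the "find a route ... via <iface>" line for each trace_id, and flags traces where the chosen egress interface equals the ingress interface, which is the hairpin symptom the original poster describes. The sample lines, interface names (port1/port2), addresses, session and policy ids are constructed for illustration and are not from the thread; the regular expressions assume the common wording of debug flow messages, which can differ between FortiOS versions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of "diag debug flow" output (not taken from the thread).
# Trace 1 is a host whose route lookup comes back out the ingress interface;
# trace 2 is a host that is correctly routed to port1 (assumed WAN) and SNATed.
SAMPLE_DEBUG_FLOW = """\
id=20085 trace_id=1 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=1, 10.0.1.10:1->198.51.100.7:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5794 msg="allocate a new session-00000a1b"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-10.0.1.1 via port2"
id=20085 trace_id=1 func=fw_forward_handler line=767 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5639 msg="vd-root:0 received a packet(proto=1, 10.0.1.11:1->198.51.100.7:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=init_ip_session_common line=5794 msg="allocate a new session-00000a1c"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-10.0.0.1 via port1"
id=20085 trace_id=2 func=fw_forward_handler line=783 msg="Allowed by Policy-1: SNAT"
"""

# One debug flow line: trace_id, the kernel function that logged it, and the message.
LINE_RE = re.compile(r'trace_id=(?P<trace>\d+)\s+func=(?P<func>\S+).*?msg="(?P<msg>.*)"\s*$')
# "received a packet(proto=N, SRC:port->DST:port) from IFACE." (iface may contain dots, e.g. VLAN subinterfaces)
RECV_RE = re.compile(
    r'received a packet\(proto=(?P<proto>\d+),\s*(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\)'
    r'\s+from\s+(?P<iface>\S+?)\.(?:\s|$)')
ROUTE_RE = re.compile(r'find a route:.*?\bvia\s+(?P<iface>\S+)')
DENY_RE = re.compile(r'Denied by forward policy check \(policy (?P<policy>\d+)\)')
ALLOW_RE = re.compile(r'Allowed by Policy-(?P<policy>\d+)')


@dataclass
class FlowTrace:
    trace_id: int
    src: Optional[str] = None
    dst: Optional[str] = None
    in_iface: Optional[str] = None
    out_iface: Optional[str] = None
    verdict: Optional[str] = None   # "allow", "deny", or None if the trace is incomplete
    policy: Optional[int] = None

    @property
    def hairpin(self) -> bool:
        """True when the route lookup selected the ingress interface as egress."""
        return (self.in_iface is not None and self.out_iface is not None
                and self.in_iface == self.out_iface)


def parse_debug_flow(text: str) -> Dict[int, FlowTrace]:
    """Group debug flow lines by trace_id and extract ingress, egress and verdict."""
    traces: Dict[int, FlowTrace] = {}
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # prompt, blank line or anything that is not a debug flow line
        tid = int(m.group("trace"))
        msg = m.group("msg")
        tr = traces.setdefault(tid, FlowTrace(trace_id=tid))
        if r := RECV_RE.search(msg):
            tr.src, tr.dst, tr.in_iface = r.group("src"), r.group("dst"), r.group("iface")
        elif r := ROUTE_RE.search(msg):
            tr.out_iface = r.group("iface")
        elif r := DENY_RE.search(msg):
            tr.verdict, tr.policy = "deny", int(r.group("policy"))
        elif r := ALLOW_RE.search(msg):
            tr.verdict, tr.policy = "allow", int(r.group("policy"))
    return traces


def hairpin_traces(text: str) -> List[int]:
    """Return the trace_ids whose packet was routed back out the interface it arrived on."""
    return sorted(t.trace_id for t in parse_debug_flow(text).values() if t.hairpin)


def explain(tr: FlowTrace) -> str:
    """Human-readable summary of one trace, pointing at the routing table when it hairpins."""
    if tr.hairpin:
        return (f"trace {tr.trace_id}: {tr.src}->{tr.dst} arrived on {tr.in_iface} and the route "
                f"lookup chose {tr.in_iface} again; check the route for {tr.dst} (verdict: {tr.verdict})")
    return (f"trace {tr.trace_id}: {tr.src}->{tr.dst} {tr.in_iface}->{tr.out_iface}, "
            f"verdict {tr.verdict} by policy {tr.policy}")


if __name__ == "__main__":
    for t in parse_debug_flow(SAMPLE_DEBUG_FLOW).values():
        print(explain(t))
```

Run it against a saved debug capture in place of SAMPLE_DEBUG_FLOW; a non-empty result from hairpin_traces points at the route lookup rather than the NAT policy, which is the next thing to compare for the hosts that work and the ones that do not.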
Copyright 2024 Fortinet, Inc. All Rights Reserved.