Hello,
I have two FG 30e.
I connect between fg1 and fg2
(connected by SD-WAN), site to site, no NAT.
1. When I connected site to site it is working, but clients cannot open any URL by SD-WAN (I put routing to SD-WAN and put an IP policy to allow traffic, but it does not work).
2. I can ping from a client that is connected from fg1 to clients connected to fg2, but fg2 cannot ping to any IP in fg2. Why?
Can you help me, please?
Hello,
My guess is that when you included the IPsec interface in SD-WAN, you created a static default route via all SD-WAN members? So what is happening is that some traffic is routed via the IPsec tunnel and some via the local internet connection. But this is just my assumption based on a common problem. Probably, you want to have an SD-WAN rule so that your internal traffic uses the IPsec tunnel and everything else uses your local internet connection. You can share the routing table and SD-WAN rules and we should be able to find the problem:
get router info routing-table all
diag sys sdwan service
my sir
I created all static routes to go to fg2, but fg1 always goes to the default route (when I run a traceroute it always goes to the default gateway). Why?
Hello, I am guessing this is the problem. Make sure that you have this option under traceroute enabled:
exec traceroute-options use-sdwan yes
And make sure that you have correct source IP to match SDWAN rule.
well that is what a default route is for ;)
All traffic that does not match any other (static or connected) route will hit the default route and go to the default gw.
So if your clients on fg2 should have internet via fg1 sdwan you must change the default route on fg2. The route is the first thing that is looked at. Everything else derives from it...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Can you better explain your topology? You say you are using SD-WAN but I only see one link here. How is SD-WAN configured? What do your rules look like?
Also, can you show your routing table? And your routing config?
hello
Thanks to all
I want to forward internet to SD-WAN FROM FG1 to FG2
What interfaces are participating in SD-WAN?
You need to provide more info about your configuration and set up before we can give you good responses.
I have solved this problem
only we need to add all network from FG2 as local network and SDWAN IP
and from FG1 we need to add all network from FG1 as Remote network WITH SDWAN IP
very easy but It took me a long time to solve it and no one could help me. I solved it myself
Copyright 2024 Fortinet, Inc. All Rights Reserved.