Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ahmadking22
New Contributor III

NO Routing between two fortigate site to site

hello

I have two FG 30e

I CONNECT between fg1 and fg2Capture.PNG

 

(connected by SD-wan) site to site no NAT

1...when i connected site to site it is working but clients cannot open any URL by SD-wan( I put routing to SD-wan and put IP policy to allow  traffic but no work)

2...i can ping from client that connected from fg1 to clients connected to fg2 but fg2 can not ping to any IP in fg2 why

can help me please

king
king
1 Solution
ahmadking22
New Contributor III

I have solved this problem

only we need to add all network from FG2 as local network and SDWAN  IP

and from FG1 we need to add all network from FG1 as Remote network WITH SDWAN IP 

very easy but  It took me a long time to solve it and no one could help me. I solved it myself 

king

View solution in original post

king
8 REPLIES 8
akristof
Staff
Staff

Hello,

My guess is, that when you included IPSec interface into SD-WAN, you've created static default route via all SD-WAN members? So what is happening that some traffic is routed via ipsec tunnel, some via local internet connection. But this is just my assumption based on common problem. Probably, you want to have SD-WAN rule that for your internal traffic, you should use ipsec tunnel and for everything else use your local internet connection. You can share routing table and sdwan rules and we should be able to find the problem:

get router info routing-table all

diag sys sdwan service

 

Adrian
ahmadking22
New Contributor III

my sir

I create all static route to go fg2 but fg1 always go to default route (when I write Trace route always go to default gateway why ???? 

king
king
akristof

Hello, I am guessing this is the problem. Make sure that you have this option under traceroute enable:

exec traceroute-options use-sdwan yes

 

And make sure that you have correct source IP to match SDWAN rule.

Adrian
sw2090

well that is what a default route is for ;)

All traffic that does not match any other (static or connected) route will hit the defautl route and go to the default gw.

So if your clients on fg2 should have internet via fg1 sdwan you must change the default route on fg2. The route is the first thing that is looked at. Everything else derives from it...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
gfleming
Staff
Staff

Can you better explain your topology? You say you are using SD-WAN but I only see one link here. How is SD-WAN configured? What do your rules look like?

 

Also, can you show your routing table? And your routing config?

 

Cheers,
Graham
ahmadking22
New Contributor III

hello

Tanks to All

I want to forward internet to SD-WAN FROM FG1  to FG2

king
king
gfleming

What interfaces are participating in SD-WAN?


You need to provide more info about your configuration and set up before we can give you good responses.

Cheers,
Graham
ahmadking22
New Contributor III

I have solved this problem

only we need to add all network from FG2 as local network and SDWAN  IP

and from FG1 we need to add all network from FG1 as Remote network WITH SDWAN IP 

very easy but  It took me a long time to solve it and no one could help me. I solved it myself 

king
king
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors