- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- NO internet connection when using static ip ?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NO internet connection when using static ip ?
hello every one
i am wondering why internet connection not working in fortigate 70f when i config the wan port ip manually ??
i try to exec ping google.com but not resolved
but when i change to dhcp to take an ip from the tplink router ,everything works just fine and i am able to ping anything from CLI .
with static ip config
i try to add static route :
0.0.0.0 172.16.16.1 (tplink gateway)
i also added dns
8.8.8.8 (unreachable )
8.8.4.4 (unreachable )
i can ping the gateway only 17.16.16.1
------------------------
i need the internet only to setup VPN site to site NOT to provide internet access to the local workstations .
as i mentioned it works only if i use DHCP not static IP . as u know DHCP not a good choice for my case ,if anything happened like power loss or restarting, it will obtain a new WAN IP address and the other site will not be able to access the database .
Labels:
- Labels:
-
FortiGate
34 REPLIES 34
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @morana ,
Thank you for contacting the Fortinet Forum portal.
Whatever mode you use make sure the arp entry is present in the arp table of the FortiGate to ensure the next hop route.
-Did you verify with the ISP the same information as to why the manual configuration is not working as expected?
Please refer below article and make sure the steps:
Best regards,
Manasa.
If you feel the above steps helped resolve the issue, mark the reply as solved so that other customers can get it easily while searching for similar scenarios.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the arp table shows me the ip 172.16.16.1 with interface wan2 -- fine
no problem with isp . i can configure static ip for any device like my laptop .except forigate .
i have 2 wan connections port wan1 is fine .
port wan2 not working static .
is it related to firewall policy ??
if so ,how can i add a rule firewall policy for wan 2 to get internet access for only fortigate system , i do not want the local machines clients that connected to fortigate gateway to be provided with internet .?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Morana
Firewall policy doesn't have control on firewall generated traffic (like ping from FG to WAN). I think you have another default gateway in your routing table that has lower priority or lower distance than a manually added static route. You can check with command:
get router info routing-table all
If this is the case then you need to manage your default gateways depending on your requirement, e.g.: if that route is not needed then just remove it, or if is a WAN gateway you may use SD-WAN or policy routes, etc...
AEK
AEK
Created on 04-28-2024 07:12 AM Edited on 04-28-2024 07:20 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
wan1 is used as service from ISP provider for VOIP only and is configured static 16.16.16.1
now i added wan2 (port 2 connected directly to tplink router with new ip :192.168.1.2 ) just for internet connection to use vpn ipsec site to site . static not working for internet connection but DHCP works the problem is even with DHCP the ipsec tunnel not up for both sites .
all what i need is to make the vpn site to site working (fortigate to fortigate ) i tried every possible but not success .
site 1 (dhcp = internet ok )
site 2(static ip= internet ok)
but there is no connection between tunnels !! is it because DHCP ?
i mean in order to start ipsec site to site .static ip is required for both sites ?
one more thing
there is deafult gateway in static route :
0000/0 0000
is this required or should remove it ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you share the whole line of that existing default gateway (0000/0 0000)?
Also please you share the route entry that you added manually (from the same command), as well as the entry added with DHCP.
AEK
AEK
Created on 04-28-2024 08:17 AM Edited on 04-28-2024 08:21 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
192.168.40.0/24 16.16.16.4 VOIP-SERVS(WAN1) enabled Margo-office
192.168.30.0/24 16.16.16.3 VOIP-SERVS(WAN1) enabled Margo-office2
192.168.20.0/24 16.16.16.2 VOIP-SERVS(WAN1) enabled Margo-office3
0.0.0.0/0 0.0.0.0 VOIP-SERVS(WAN1) enabled Default Gaetway
0.0.0.0/0 192.168.1.1 NET-VPN (WAN2) enabled
the last line is for static ip for internet gateway
for the DHCP is obtained :
192.168.1.7/255.255.255.0
Created on 04-28-2024 08:15 AM Edited on 04-28-2024 08:16 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
192.168.40.0/24 16.16.16.4 VOIP-SERVS(WAN1) enabled Margo-office
192.168.30.0/24 16.16.16.3 VOIP-SERVS(WAN1) enabled Margo-office2
192.168.20.0/24 16.16.16.2 VOIP-SERVS(WAN1) enabled Margo-office3
0.0.0.0/0 0.0.0.0 VOIP-SERVS(WAN1) enabled Default Gaetway
0.0.0.0/0 192.168.1.1 NET-VPN (WAN2) enabled
the last line is for static ip for internet gateway
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can find details related to route distance and preference on this article.
It seems that the Wan1 interface is preferred over the static route that you insert manually.
- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
If you have found a solution, please like and accept it to make it easily accessible for others.
Created on 04-28-2024 09:19 AM Edited on 04-28-2024 09:22 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for reply i red the article and got a headache ,i am not an expert and do not want to do anything related to command line . if i can do that with GUI will be fine but how to make it for my case i do not know .
all what i want is to keep wan1 working as it is know , at the same time wan2 working for ipsec site to site . i could not figure it out , is the problem within routing or with internet itself . but as i mentioned Site 1 DHCP is with internet access and site B static is with internet access for both i can ping anything like yahoo and google etc, but when it comes to ipsec tunnel both shows me : STATUS : inactive
Related Posts
- Virtual IP for npm breaks my... 304 Views
- Forticlient VPN Permission denied (-455) 327 Views
- Novice Needing Help Setting Up FortiGate... 259 Views
- WAN DNS 273 Views
- Internet data not passing from firewall 184 Views
Labels
-
FortiGate
6,666 -
FortiClient
1,328 -
5.2
801 -
5.4
639 -
FortiManager
577 -
FortiAnalyzer
421 -
6.0
416 -
5.6
362 -
FortiSwitch
342 -
FortiAP
339 -
FortiClient EMS
271 -
FortiMail
254 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
158 -
6.4
128 -
FortiNAC
109 -
FortiGuard
106 -
FortiSIEM
91 -
FortiGateCloud
87 -
FortiCloud Products
85 -
IPsec
77 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
67 -
4.0MR3
64 -
Wireless Controller
58 -
FortiProxy
46 -
FortiADC
44 -
Fortivoice
41 -
FortiEDR
40 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
31 -
FortiSwitch v6.4
29 -
Firewall policy
29 -
SD-WAN
29 -
High Availability
24 -
FortiConnect
24 -
VLAN
22 -
FortiWAN
22 -
FortiConverter
21 -
FortiAuthenticator
20 -
ZTNA
19 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
SAML
14 -
Certificate
14 -
BGP
13 -
DNS
13 -
FortiGate v5.0
13 -
Interface
13 -
FortiDDoS
13 -
Logging
13 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
LDAP
11 -
fortilink
10 -
Virtual IP
10 -
FortiRecorder
10 -
RADIUS
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSL SSH inspection
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SSO
7 -
Application control
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SNMP
6 -
Traffic shaping policy
5 -
Web application firewall profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
Web profile
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Email filter profile
2 -
Netflow
2 -
trunk
2 -
4.0MR1
1 -
Users
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.