Hello everyone,
I am wondering why the internet connection is not working on a FortiGate 70F when I configure the WAN port IP manually?
I tried exec ping google.com but it did not resolve.
But when I change to DHCP to take an IP from the TP-Link router, everything works just fine and I am able to ping anything from the CLI.
With the static IP config:
I tried to add a static route:
0.0.0.0 172.16.16.1 (TP-Link gateway)
I also added DNS:
8.8.8.8 (unreachable)
8.8.4.4 (unreachable)
I can ping the gateway only: 17.16.16.1
------------------------
I need the internet only to set up a site-to-site VPN, NOT to provide internet access to the local workstations.
As I mentioned, it works only if I use DHCP, not a static IP. As you know, DHCP is not a good choice for my case; if anything happened, like a power loss or a restart, it will obtain a new WAN IP address and the other site will not be able to access the database.
Created on 04-28-2024 06:01 PM Edited on 04-28-2024 06:01 PM
Yes, I can find it on the FortiGate at site B in the system information window; it is like: 224.125.18.451
OK, you mean I have to put this IP as a new static route on the FortiGate at site A, to be like
0.0.0.0/0 224.125.18.451
?
No. 224.x.x.x is a multicast IP, not a general public IP Site-B got.
I meant a user with a desktop/laptop at Site-B can go to Google, then search "what is my ip" to get an IP like below:
I managed to get the site B FortiGate DDNS to work and I can access it from outside the network by following your instructions regarding the public IP and the ADSL modem.
On the site B TP-Link modem I changed it to bridge mode, then I reconfigured the site B FortiGate WAN to PPPoE and created a DDNS domain, and it worked very well.
Now in site A (HQ) I changed the internet connection from DSL to a fiber connection, but the problem is still there: it only accepts DHCP. I kept it as DHCP; no problem as long as there is an internet connection.
And I created a DDNS domain and it seems fine: when I ping the DDNS domain name from the CLI it pings OK. When I try to ping the site B DDNS domain, it shows me the remote site IP but all packets are lost. Something is blocking DDNS.
All servers and sites can be pinged, but the DDNS cannot for site A.
Have you found out the public IP viewed from the outside at Site-B? Was it the same as the IP the TP-Link pulled from the ISP? If they're different, no VPN might establish if Site-A's TP-Link's IP is not static, like below:
https://community.fortinet.com/t5/Support-Forum/IPSec-Site-to-Site-VPN-between-two-carrier-grade-nat...
In any case, after many of us tried to figure this out, none of us could get enough information to determine the cause, mainly because we don't have access to your FGT and can't see what the TP-Link has, including traceroute results from both ends, and we are wasting your time as a result.
I think it's better that you open a ticket at TAC, then get a TAC person to look at both sides to determine what can/needs to be done in your situation.
Toshi
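
The address checks discussed in the replies above (multicast vs. public, and the WAN IP compared with the IP seen from outside), as an added Python example that is not part of the original thread. The function names are hypothetical and the sample addresses are constructed.

```python
import ipaddress

# RFC 6598 shared address space, used by ISPs for carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(addr):
    """Classify one IPv4 address string (hypothetical helper)."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return "invalid"          # e.g. an octet above 255
    if ip.is_multicast:
        return "multicast"        # 224.0.0.0/4, never a host's WAN address
    if ip in CGNAT:
        return "cgnat"
    if ip.is_reserved or ip.is_unspecified:
        return "reserved"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"          # RFC 1918 and other non-routable ranges
    return "public"


def assess_site(wan_ip, seen_from_outside):
    """Compare the FortiGate WAN address with the address seen from outside."""
    wan, outside = classify(wan_ip), classify(seen_from_outside)
    if outside != "public":
        return "unusable-peer"    # cannot be configured as a remote gateway
    if wan == "public":
        same = ipaddress.IPv4Address(wan_ip) == ipaddress.IPv4Address(seen_from_outside)
        return "direct" if same else "mismatch"
    if wan == "cgnat":
        return "behind-cgnat"     # ISP translates; unsolicited inbound IKE is dropped
    if wan == "private":
        return "behind-nat"       # upstream router holds the public IP
    return "unusable-wan"


if __name__ == "__main__":
    # Constructed samples; 8.8.8.8 only stands in for "some public address".
    for wan, outside in [("172.16.16.2", "8.8.8.8"), ("100.64.1.1", "8.8.8.8"),
                         ("8.8.8.8", "8.8.8.8"), ("8.8.8.8", "224.125.18.45")]:
        print(f"{wan:>12} / {outside:<14} -> {assess_site(wan, outside)}")
```
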
NOW: this config is without PPPoE, obtained from the TP-Link router DHCP, with FortiGuard DDNS disabled or enabled. Same result.
Yes, it is the same:
what is my ip: XXX.XX.94.103
in FortiGate info: XXX.XX.94.103
When I put the above IP in the browser it opens the TP-Link login page.
ANYWAY, THANKS. I will go ahead with TAC.