New VLAN doesn't get into internet - no ping to the interface of Fortinet-Firewall

TZ1 · ‎08-22-2024

Hi, I installed a second VLAN, but no computers from the new VLAN can reach the internet or ping the interface of the Fortinet-Firewall.

The new VLAN is in the same IP-Range, so it should be possible to ping it without routing.

Is there anything, preventing the Fortinet to accept calls from the VLAN?

esalija · ‎08-22-2024

Hi @TZ1 ,

Please can you run a sniffer command to check where the traffic is flowing:

# diagnose sniffer packet any "host <Source_IP> and host <Destination_IP>" 4 0 l

Best regards,
Erlin

TZ1 · ‎08-22-2024

I can try that later, but there is not much to be sniffed at - Laptop - Switch - Fortinet. From one Laptop to another one, works

esalija · ‎08-22-2024

Hi @TZ1 ,

Thanks for the answer.

Let's see if the traffic is coming at FGT or not. Also you can check with Debug commands:

# diagnose debug disable

# diagnose debug flow filter addr <client_ip> <server_ip> and

# diagnose debug flow show function-name enable

# diag debug flow show iprope enable

# diagnose debug console timestamp enable

# diagnose debug flow trace start 1000

# diagnose debug enable

Best regards,

Erlin

Nominate a Forum Post for Knowledge Article Creation