No internet connection on the machine connected to LAN network

kichu · ‎03-31-2024

Hello Team,

Please help me to trouble shoot on the below issue

I have fortinet firewall VM (FortiOS v6.4.15 build2095 (GA)) setup, there two active ports WAN and LAN.

I have connected to a system to my LAN network, the system is assigned with an IP (70.10.10.2) coming from the Fortinet LAN interface, but not getting the internet connection or not able to ping 8.8.8.8 though i have created the policy to route through WAN.

i am sharing below, the debug comments i used and the result i got from it. pls help me on this.

FortiOS-FW-01 # diagnose debug disable

FortiOS-FW-01 # diagnose debug reset

FortiOS-FW-01 # diagnose debug flow filter saddr 70.10.10.2

FortiOS-FW-01 # diagnose debug flow filter daddr 8.8.8.8

FortiOS-FW-01 # diagnose debug flow filter proto 1

FortiOS-FW-01 # diagnose debug flow trace start 100

FortiOS-FW-01 # diagnose debug enable

FortiOS-FW-01 # id=20085 trace_id=3 func=print_pkt_detail line=5822 msg="vd-root:0 received a packet(proto=1, 70.10.1
0.2:1->8.8.8.8:2048) from port3. type=8, code=0, id=1, seq=4388."
id=20085 trace_id=3 func=init_ip_session_common line=5993 msg="allocate a new session-00008e9a"
id=20085 trace_id=3 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.1.1 via port2
"
id=20085 trace_id=4 func=print_pkt_detail line=5822 msg="vd-root:0 received a packet(proto=1, 70.10.10.2:1->8.8.8.8:2
048) from port3. type=8, code=0, id=1, seq=4389."
id=20085 trace_id=4 func=init_ip_session_common line=5993 msg="allocate a new session-00008e9b"
id=20085 trace_id=4 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.1.1 via port2
"
id=20085 trace_id=5 func=print_pkt_detail line=5822 msg="vd-root:0 received a packet(proto=1, 70.10.10.2:1->8.8.8.8:2
048) from port3. type=8, code=0, id=1, seq=4390."
id=20085 trace_id=5 func=init_ip_session_common line=5993 msg="allocate a new session-00008e9e"
id=20085 trace_id=5 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.1.1 via port2
"
id=20085 trace_id=6 func=print_pkt_detail line=5822 msg="vd-root:0 received a packet(proto=1, 70.10.10.2:1->8.8.8.8:2
048) from port3. type=8, code=0, id=1, seq=4391."
id=20085 trace_id=6 func=init_ip_session_common line=5993 msg="allocate a new session-00008ea2"
id=20085 trace_id=6 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.1.1 via port2

@Iescudero - i got the above debug comment from one of your solution

AEK · ‎04-01-2024

Hi Kichu

Use a private subnet for your internal network (70.x is public)
On the front-end router add a route back towards the internal network

AEK

kichu · ‎04-01-2024

Hi AEK,

Thanks for the reply, tried but no luck

Shashwati · ‎04-01-2024

Please confirm your LAN IP and DHCP . Debug showing traffic routed to your gw-192.168.1.1 via port2

Check the route to the Internet

kichu · ‎04-01-2024

LAN ip is 70.10.10.1 DHCP 70.10.10.2 - 254

wan ip is - 192.168.1.25 and gateway is 192.168.1.1

hbac · ‎04-02-2024

Hi @kichu,

Based on the output, traffic was forwarded to 192.168.1.1 but no response. Can you ping 192.168.1.1?

Regards,

kichu · ‎04-02-2024

Hi @hbac ,

Tried doing that, it's not reachable for the client machine.

hbac · ‎04-03-2024

@kichu,

Can you ping 192.168.1.1 from FortiGate? You can run the following commands:

exec ping 192.168.1.1

get system arp

Regards,

Shashwati · ‎04-02-2024

Check the route print for the client machine to find the next hop

kichu · ‎04-03-2024

Here is the result when i run route print,