PING to VLANs host

Sebix · ‎03-22-2022

Hello.
I have problem with PING to VLANs host.

I build network in GNS3 with 3 devices FortiGate named:
FG-GDA - IP 10.0.90.1

FG-WAW- IP 10.3.90.1

FG-BYD - IP 10.1.90.1

On the FG-BYD I create VLANs:
VLAN2 - 10.1.2.1

VLAN3 - 10.1.3.1

VLAN4 - 10.1.4.1

All in ZONE named LAN

Next I connect one HOST with IP 10.1.4.22 to port3

When I try to PING from FG-GDA ora FG-WAW to the host 10.1.4.22 it unfortunately doesn't work.

But when I PING to Default Gateway VLAN - 10.1.2.1/3.1/4.1 everything works fine.

PING from FG-WAW to VLAN4 on FG-BYD

Does anyone know what the problem is??
Thanks for help.

ede_pfau · ‎03-22-2022

IMHO there are only 3 reasons possible:

1- routing

2- policy

3- software firewall on host

for 1- routing: each node between source host and destination host needs to know how to route forward (to the dest net) and backward (to the source net). In your case, FG-GDA, FG-BYD and the target host need valid routes.

for 2- as the FGT is not only a router, policies permitting the traffic are needed.

for 3- check that you can ping the target host at all, from it's LAN. Sometimes a sw firewall blocks this.

Ede

"Kernel panic: Aiee, killing interrupt handler!"

Sebix · ‎03-23-2022

I think routing and policy are ok.
But when I PING from FG-BYD to 10.1.4.1 it's ok but to 10.1.4.22 then not work.
I add trusted Host 10.1.4.0/24 to admin and nothing changed

PING FG-BYD to addresses:

Trusted Hosts:

When i PING from host 10.1.4.22 to gateway also doesn't work to.