Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sirride
New Contributor

Created on ‎09-24-2019 03:29 AM

Ping within subnet

I have a FortiGate 50E with a FortiSwitch 124E-FPOE 

I have a client subnet on the switch with my clients, a NAS and a printer

In addition, i have a vlan for VoIP and IPSec VPN

I can ping across all all Subnets, but not within the client subnet. e.g. client to printer

I can ping from outside the client subnet (from Wlan, from IPSec etc) to the NAS and the printer

 

I can ping from my client subnet to all other subnets

But I can not ping from the client subnet to other systems in the client subnet.

What do i need to change?

5660
0 Kudos
1 Solution
Seppel
Contributor II
In response to yunus56

Created on ‎09-24-2019 04:39 AM

could it be possible you have enabled Access VLAN on your Client VLAN?

Fortigate 500E HA Fortimail 200 Fortimanager

FortiEMS

FortiSandbox 1000D

FortiSwitch Network Some other Models in use :-) ---------------------------------------------------- FCSE ----------------------------------------------------

View solution in original post

Fortigate 500E HA Fortimail 200 Fortimanager FortiEMS FortiSandbox 1000D FortiSwitch Network Some other Models in use :-) ---------------------------------------------------- FCSE ----------------------------------------------------
4501
0 Kudos
5 REPLIES 5
yunus56
New Contributor

Created on ‎09-24-2019 03:54 AM

Hello

 

Please check your policies and pbr rules on fortigate. it seems ttaht there is problem is regarding Forti-switch

4446
0 Kudos
Seppel
Contributor II
In response to yunus56

Created on ‎09-24-2019 04:39 AM

could it be possible you have enabled Access VLAN on your Client VLAN?

Fortigate 500E HA Fortimail 200 Fortimanager

FortiEMS

FortiSandbox 1000D

FortiSwitch Network Some other Models in use :-) ---------------------------------------------------- FCSE ----------------------------------------------------

Fortigate 500E HA Fortimail 200 Fortimanager FortiEMS FortiSandbox 1000D FortiSwitch Network Some other Models in use :-) ---------------------------------------------------- FCSE ----------------------------------------------------
4502
0 Kudos
sirride
New Contributor

Created on ‎09-24-2019 04:20 AM

I don't really understand:

The Clients are in the same Subnet, so there wont be any routings / policies?

4446
0 Kudos
sw2090
SuperUser
SuperUser
In response to sirride

Created on ‎09-24-2019 07:24 AM

that's the way I know it. Client to Client in the same subnet does not even reach the firewall because the client has a route for that subnet as it has an interface in it. It does not matter if this is a vlan interface or a physical one.

Only traffic that leaves the client's subnet will hit the default gw. 

So I would point to your (Forti)Switch. Maybe it has somethink linke port isolation or similar that prevents ne port from reaching annother (Except from the uplink to the FGT).

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
4446
0 Kudos
sirride
New Contributor
In response to sw2090

Created on ‎09-24-2019 09:39 PM

 

I've now disabled "access VLAN" and now it works

 

Many thanks!

4446
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.