Problem with connection

Matie · ‎08-31-2022

Hello, can someone take advice, why I cannot ping router interface and therefore internet from Linux?

Traceroute from Linux is useless -> no information

I have static default 0 route from FortiGate pointing to 23.1.2.1. I have policy from port 3 to port 2. And I have central SNAT from port 3 to port 2, where I translate to outgoing interface - no hit count.

When I try to diagnose, I see only echo request and no echo reply. I dont know why. Any tip?

What is working is ping from Linux to fortigate:

10.10.10.49/24 ping to 10.10.10.71/24 -> ok

10.10.10.49/24 ping to 23.1.2.71/24 -> ok - policy take that traffic, I have some bytes

10.10.10.49 ping to 23.1.2.1 -> not ok - policy doesn't work, No more bytes

10.10.10.49 ping to 8.8.8.8 -> not ok

Also ping from Fortigate to internet 8.8.8.8 is working

FortiGate ping to 8.8.8.8 -> ok

Please help and bear with me. I am a new guy in Fortinet

akristof · ‎09-01-2022

Hi,

The reason I've asked for the output system settings is that I saw this kind of behavior when user disable vdom (in your case you have only root vdom). Can you disable central-snat and do snat under firewall policy directly and test?

Adrian

Matie · ‎09-01-2022

I have tried this, unsuccessfully. Nothing has been changed. I have another lab and there everything works. I have there central SNAT configured and it works. I did debug there and I saw more output as in this lab. I tried to configure it exactly same way but it didn't help. I just don't understand how is possible to ping from linux to fortigate interface 23.1.2.71 and then stop. Packet cannot go to 23.1.2.1. But from Fortigate to 23.1.2.1 or internet it is working. Do you have maybe another guess? SNAT is just fine.