Problem with connection

Matie · ‎08-31-2022

Hello, can someone take advice, why I cannot ping router interface and therefore internet from Linux?

Traceroute from Linux is useless -> no information

I have static default 0 route from FortiGate pointing to 23.1.2.1. I have policy from port 3 to port 2. And I have central SNAT from port 3 to port 2, where I translate to outgoing interface - no hit count.

When I try to diagnose, I see only echo request and no echo reply. I dont know why. Any tip?

What is working is ping from Linux to fortigate:

10.10.10.49/24 ping to 10.10.10.71/24 -> ok

10.10.10.49/24 ping to 23.1.2.71/24 -> ok - policy take that traffic, I have some bytes

10.10.10.49 ping to 23.1.2.1 -> not ok - policy doesn't work, No more bytes

10.10.10.49 ping to 8.8.8.8 -> not ok

Also ping from Fortigate to internet 8.8.8.8 is working

FortiGate ping to 8.8.8.8 -> ok

Please help and bear with me. I am a new guy in Fortinet

akristof · ‎08-31-2022

Hi,

Can you rerun the debug flow with these two commands:

diag debug flow show func en

diag debug flow show iprope en?

Adrian

Matie · ‎09-01-2022

Hi Adrian,

can you please tell me, how exactly should I type these commands. In which queue. Please bear with me, because I am new in Fortinet. I have typed commands like this. I don't know whether it is ok or don't. Please check output and let me know. Thank You

akumarr · ‎09-01-2022

Hi Matie.

Please use the below-mentioned commands,

diag deb disable
diag deb reset
diag deb flow filter daddr x.x.x.x
diag deb flow filter proto 1
diag debug flow show iprope en
diag deb flow sh fun en
diag deb flow trace start 999
diag deb en

You can replace x.x.x.x with the destination IP and you can use any destination.
I suggest you to use 4.2.2.2, also please try to send 2 or 3 packets.
Kindly avoid continuous ping

Best regards,
ARUNKUMAR.R.

Matie · ‎09-01-2022

Hi Arunkumar

I have issued the commands as you mentioned. This is final output. I hope it helps. Please let me know what you see in this output. I hope there is an answer for my problem. Thank you.

akumarr · ‎09-01-2022

Dear Matie.

Could you please copy and paste the complete output/image.

Best regards,
ARUNKUMAR.R.

akristof · ‎09-01-2022

This might be silly question, can you share with me output "show system settings"?

Adrian

Matie · ‎09-01-2022

I am sorry. I have never did the debugs. Here you can find output from show system settings. The output of previous commands are repeating. I have made 3 pings. Second picture is output of these commands. I am pinging from linux device.

Matie · ‎09-01-2022

I gave you complete output. I am pinging from linux device. I have never did the debug on fortigate yet. I am like a fortinet virgin :D. So please check output of commands what have you typed and let me know if something missing.

Matie · ‎09-01-2022

Hi Akumarr,

can you please tell me, why is my output so short? Why it doesn't display policies, NAT translation? I have configured policies and NAT. It looks like it shows only static route. I dont understand why I dont see other things. What should I do to configure it right way? Thank You. I will send other outputs if you want and tell me what output you need.