Routing and Modbus in NAT Mode

hanialzhair · ‎10-06-2021

Hi Team,

I'm trying to configure FortiGate 300E between two private networks in an industrial control system.

Each network is on a different subnet.

Network 1: 192.168.201.3

Network 2: 192.168.63.3

The firewall is in NAT Mode. I have assigned two interfaces IP addresses on the same subnet of each side.

FW Interface2: 192.168.201.50

FW Interface3: 192.168.63.50

I connected Network 1 to Interface 2 and Network 2 to Interface 3.

Now, I've created the IPV4 policy and limit the traffic to PING and Modbus TCP IP (service port TCP 502 is already created).

NAT is enabled for all policies.

When I'm trying to ping from Network 1 to Network 2, it's successful. But when trying to ping from network 2 to network 1 it's not successful. Noting that the communication card in Network 2 (doesn't support assigning a gateway value in it).

Am I missing any configurations to be done on the firewall to make it work?

Knowing that Network doesn't support assigning a gateway (which is the Interface IP address in my opinion), Is there a way to fix this?

Thanks in advance for your support.

sprasanta · ‎06-06-2022

I don't think we have any option on Foritgate firewall to achieve this requirement . Usually , the forwarding decision is taken on the source host with an and operation then it sends the packet to gateway ip when the destination host is out of it's own subnet .

Check on the host machine NIC setting or if the running OS has any option to get a solution for this .

Routing and Modbus in NAT Mode

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website