I'm trying to configure FortiGate 300E between two private networks in an industrial control system.
Each network is on a different subnet.
Network 1: 192.168.201.3
Network 2: 192.168.63.3
The firewall is in NAT Mode. I have assigned the two interfaces IP addresses on the same subnet as each side.
FW Interface2: 192.168.201.50
FW Interface3: 192.168.63.50
I connected Network 1 to Interface 2 and Network 2 to Interface 3.
Now I've created the IPv4 policy and limited the traffic to PING and Modbus TCP/IP (the service for TCP port 502 is already created).
NAT is enabled for all policies.
When I try to ping from Network 1 to Network 2, it's successful. But when I try to ping from Network 2 to Network 1, it's not successful. Note that the communication card in Network 2 doesn't support assigning a gateway value.
Am I missing any configurations to be done on the firewall to make it work?
Knowing that the network doesn't support assigning a gateway (which is the interface IP address, in my opinion), is there a way to fix this?
I don't think we have any option on the FortiGate firewall to achieve this requirement. Usually, the forwarding decision is taken on the source host with an AND operation; it then sends the packet to the gateway IP when the destination host is outside its own subnet.
Check the host machine's NIC settings, or whether the running OS has any option, to get a solution for this.
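The following is an added example, not code from the thread or from Fortinet, showing the host-side forwarding decision the answer describes (the bitwise AND of address and mask) applied to the addresses in the question. It assumes /24 masks on both networks, which the question does not state, and it models the Network 2 card as having no gateway configured.

```python
import ipaddress
from typing import Optional


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """The host's on-link test: (a & mask) == (b & mask)."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(a)) & mask) == (int(ipaddress.IPv4Address(b)) & mask)


def next_hop(host_ip: str, prefix_len: int, gateway: Optional[str], dst_ip: str) -> Optional[str]:
    """Where a host sends a packet for dst_ip.

    Returns the destination itself when it is on-link, the configured
    gateway when it is off-link, or None when it is off-link and the host
    has no gateway (the packet cannot leave the subnet).
    """
    if same_subnet(host_ip, dst_ip, prefix_len):
        return dst_ip
    return gateway  # may be None: off-link with no gateway configured


# Addresses from the question; the /24 prefix is an assumption.
NET1_HOST = "192.168.201.3"
NET2_HOST = "192.168.63.3"
FW_IF2 = "192.168.201.50"   # FortiGate interface facing Network 1
FW_IF3 = "192.168.63.50"    # FortiGate interface facing Network 2
PREFIX = 24


def scenarios() -> dict:
    """The three cases described in the thread."""
    return {
        # Network 1 -> Network 2: host has the FortiGate as gateway.
        "net1_to_net2": next_hop(NET1_HOST, PREFIX, FW_IF2, NET2_HOST),
        # Network 2 -> Network 1: card has no gateway, destination is off-link.
        "net2_to_net1": next_hop(NET2_HOST, PREFIX, None, NET1_HOST),
        # Reply from Network 2 to the NAT'd source: the FortiGate interface
        # address is on-link, so no gateway is needed.
        "net2_reply_to_fw": next_hop(NET2_HOST, PREFIX, None, FW_IF3),
    }


if __name__ == "__main__":
    for name, hop in scenarios().items():
        print(f"{name}: next hop = {hop if hop else 'unreachable (no gateway)'}")
```

The third scenario is why the Network 1 to Network 2 ping succeeds even though the Network 2 card has no gateway: with NAT enabled on the policy, the FortiGate source-translates the ping to its own 192.168.63.50 address, which is on-link for the Network 2 host, so the echo reply needs no routing decision. A ping initiated from Network 2 toward 192.168.201.3, however, fails the on-link test and the host has nowhere to send it.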