Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bigworm
New Contributor

Created on ‎07-11-2013 01:40 AM

Routing between 2 routers

Hi, I have 2 routers, and want to route between 192.168.0.0 and 192.168.1.0. What can I do? 1. wan <---> fortigate router <--192.168.0.1-->internal lan 2. internal lan<--192.168.0.10-->tp-link wireless router<---192.168.1.1-->printers and wireless device I tried to set the static route in fortigate router but failed. Destination IP/Mask: 192.168.1.0/255.255.255.0 Gateway: 192.168.0.10 Please help!
7599
0 Kudos
10 REPLIES 10
Rick_H
New Contributor III

Created on ‎07-11-2013 07:16 AM

Welcome to the forums! Just to make sure I' m clear, it sounds like the two subnets you' re trying to route between are not both connected to the FortiGate. Is that correct? Working with that assumption... I don' t know a lot about TP-Link devices, but from the website they look like consumer-grade wireless routers. The term " router" is a bit of a misnomer as most of these devices are actually firewalls. Are you able to reach nodes on the 192.168.0.0/24 subnet from the 192.168.1.0/24 subnet but not the other way around? If so then you probably need to take a look at the firewall policies on the TP-Link to make sure you' ve allowed the traffic you want to flow between those two networks/interfaces unobstructed.
4029
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎07-11-2013 07:48 AM

How did you " fail" in setting the static route? What have you done or tried yet? Do you have policies in place? Which FortiOS do you use? Which hardware? If you connect a notebook to one port of the TP link device, can you ping anything on the other port? And vice versa?
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4029
0 Kudos
bigworm
New Contributor

Created on ‎07-11-2013 06:49 PM

Thanks for Rick and ede_pfau. I am able to ping from 192.168.1.0/24 to 192.168.0.0/24 but not vice versa. I am a newbie in networking, using fortigate 80CM router OS 4.0 MR1, and setup the static route as mentioned before, I also tried to add the policy but still no luck. Moreover, the WAN port of tp-link connected to the LAN port of fortigate through switch hub.
4029
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎07-11-2013 11:38 PM

Just what you would have expected. Traffic from the WAN port of the WiFi router to it' s internall port is not allowed. Try the following: set the TP router into ' Bridging Mode' so that you have the same subnet on all ports (including the WiFi port). Additionally, disable the firewall on the TP. Both should be possible even with a TP router.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4029
0 Kudos
bigworm
New Contributor

Created on ‎07-12-2013 01:27 AM

I couldn' t find the " Bridging Mode" setting in TP router, but I did disable the firewall.
4028
0 Kudos
Rick_H
New Contributor III
In response to bigworm

Created on ‎07-12-2013 06:13 AM

Did disabling the firewall do the trick for you?
4029
0 Kudos
bigworm
New Contributor

Created on ‎07-12-2013 06:17 PM

Sorry it didn' t
4029
0 Kudos
Rick_H
New Contributor III
In response to bigworm

Created on ‎07-16-2013 06:17 AM

I' m reasonably certain your issue here is on the TP-Link device. If you can ping from the LAN side of it to the WAN side but not the other way around then your routing on the FGT should be sound (hosts on the subnet connected to the FGT wouldn' t be able to respond to a subnet that isn' t part of the default route if the routing was wrong). My suggestion would be to consider using your TP-Link in AP mode instead of as a router unless you have a specific need to segregate that part of the network. If you do have that need, then you' re going to have to explore the settings on the TP-Link to determine how to let the traffic to pass as you need it to or otherwise go with a more robust wireless solution. Since you seem to have just a single AP a FortiAP might be something to consider here since you can manage it from your FortiGate (you' ll have to upgrade the firmware on that 80CM, though).
4029
0 Kudos
rwpatterson
Valued Contributor III
In response to Rick_H

Created on ‎07-16-2013 07:17 AM

What I usually end up doing with those small SoHo wireless gadgets is to plug the internal side into the FGT internal network. Use it as a bridge between the wired and wireless LAN and skip the WAN port on the SoHo gadget altogether. Most of them use the same subnet between wired and wireless, so it work 80+% of the time. Turn off all the features, zero out the WAN port and use a single DHCP server on the network (usually a server or the FGT). If you need to have a different subnet, then do the same on the other WAN port (or DMZ) on the FGT. Same principle. Use the SoHo inside interface to that FGT port.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
4029
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.