I can see in the routing monitor that there are routes connected since they are directly attached. From this I understand that I only need bidirectional IPv4 policies between the subnets to make them communicate. I created these policies and can perfectly communicate and ping all devices between 10.1.0.0/23 and 10.3.0.0/24 but not between any of the other combinations. I need to be able to access 10.10.0.0/24 from 10.1.0.0/23 and I also need access to 10.4.0.0/24. Why is only one combination working when the policies are identical for the combinations? I can ping only the gateway on those ranges, no other IPs; for example, with the policy on I can ping 10.4.0.1, which is the gateway interface for the VLAN, but I can't ping a device on 10.4.0.2-254.
That is what I don't understand, I do have all the combinations in policies yet I can only ping the gateway within that range and nothing else. I can also see that when I ping a device on that range it does hit the correct policy even though I get no reply and can't communicate with those devices. What could be blocking the traffic? I have tried different devices as well. It was still working fine a few days ago and I did not change anything.
Also worth noting, when I run an Advanced IP Scanner scan on the affected subnets/ranges I do pick up a live device on the whole range, even though there are not even 254 devices on the range. I can however still not connect to anything on that range using HTTP, HTTPS, ICMP etc. All services are allowed in the policy.
This is the result of the sniffer test. MAIN_LAN is my 10.1.0.0/23 interface and GUEST_LAN (VLAN 60) is 10.4.0.0/24.
The policy and its reverse exist between these interfaces. I see now that if I scan any of those VLAN ranges I get the same result from Advanced IP Scanner. What is also strange is that I did further testing and can ICMP certain devices on the network but not others. It seems the VLANs are not passing properly over the LAG trunk perhaps? I can communicate between all devices on the 10.3.0.0 range but only partially with some on the 10.4.0.0 range. Also I tested with a laptop on the Guest_LAN and that laptop can't ping my PC on the Main_LAN, but I can ping the laptop on the Guest_LAN. Very strange.
Just one more question on the routing side while on the topic, the scenario is as follows:
We have two WAN links.
WAN1-FIBRE: all traffic uses this static route to go to the internet.
WAN2-CABLE: I want to be able to route the guest VLAN (10.4.0.0) out on this WAN and also allow the guest LAN to access the captive portal server, which is on the main physical interface on a different subnet. I have been playing with the IPv4 policies in conjunction with the policy routes and static routes, but I can only get either one or the other to work. I can't get both the Guest to route out on WAN2 along with the Guest to access the captive server on the main subnet (10.1.0.0).
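One way to get both behaviours at once, as an added illustration that is not the poster's configuration: FortiOS evaluates policy routes top-down before it consults the routing table, so a single "guest to WAN2" policy route also swallows guest traffic bound for 10.1.0.0/23, and the fix is a more specific entry above it that hands that traffic back to the routing table (where the connected route already exists), plus a firewall policy that only admits the guest VLAN to the portal host. Assumed names: `wan2` for the cable WAN, `203.0.113.1` as its next hop, and `10.1.0.50` as the captive portal server; MAIN_LAN and GUEST_LAN are the interface names from the post.

```text
# FortiOS CLI, added illustration (not the poster's config). Assumed values:
# "wan2" = cable WAN interface, 203.0.113.1 = its next hop,
# 10.1.0.50 = captive portal server on MAIN_LAN (10.1.0.0/23).

config firewall address
    edit "CAPTIVE_PORTAL_SRV"
        set subnet 10.1.0.50 255.255.255.255
    next
end

# Policy routes are matched top-down before the routing table is consulted.
# Entry 1: guest -> main subnet is NOT policy-routed ("deny" = fall through to
# the routing table, which holds the connected route for 10.1.0.0/23).
# Entry 2: everything else from the guest VLAN is pushed out WAN2.
config router policy
    edit 1
        set input-device "GUEST_LAN"
        set src "10.4.0.0/255.255.255.0"
        set dst "10.1.0.0/255.255.254.0"
        set action deny
    next
    edit 2
        set input-device "GUEST_LAN"
        set src "10.4.0.0/255.255.255.0"
        set gateway 203.0.113.1
        set output-device "wan2"
    next
end

# Firewall policy: from GUEST_LAN into MAIN_LAN only the portal host is
# reachable, only over HTTP/HTTPS, and every session is logged.
config firewall policy
    edit 0
        set name "Guest_to_CaptivePortal"
        set srcintf "GUEST_LAN"
        set dstintf "MAIN_LAN"
        set srcaddr "all"
        set dstaddr "CAPTIVE_PORTAL_SRV"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
    next
end

# Verify the path taken:  diagnose sniffer packet any 'host 10.1.0.50' 4
```

A second firewall policy of the same shape (GUEST_LAN to wan2, dstaddr "all", NAT enabled) is still needed for the internet-bound traffic; without it the policy route selects wan2 but the session is dropped by policy.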