I created a site-to-site VPN for our 2 branches, both with FortiGate devices. It shows that it is up and ping is successful in the CLI, but for the remote and local users it is unreachable. Our main branch is using the FortiGate as the main router with PPPoE. At branch 2 there is a business-in-a-box maintained by the ISP with a public IP, and the FortiGate has a local WAN IP as well. Anyone have any idea what I need to do?
Thanks,
Hi,
Please verify the points below:
1. Firewall policy is in place (VPN to LAN and vice versa)
2. Is any policy route configured for internet routing?
Collect the output of the command below from the CLI:
diag sniffer packet any 'src host x.x.x.x and dst host y.y.y.y' 4 0
Replace x.x.x.x with the local system IP and y.y.y.y with the remote system IP.
Regards
Mahesh
Hi Paul,
Please try running the commands below to check the flow filter logs:
di de flow filter saddr x.x.x.x
di de flow filter daddr y.y.y.y
di de flow filter proto 1
di de flow show function-name enable
di de flow show iprope enable
di de flow trace start 1000
di de en
The iprope command will let us know which policy the traffic is hitting. First we would need to verify if the traffic is hitting the correct policy.
After running the commands, try to initiate a ping from the test PC. Check the logs to see if the firewall is allowing the connection.
Regards
Vishal P
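Reading the debug flow output by hand is error-prone when many traces scroll past, so here is an added helper (example code, not from the thread or from Fortinet) that groups `diagnose debug flow` lines by trace_id and reports, per ping, which interface the packet was routed to and which policy allowed or denied it. The sample output, the tunnel name `ToBranch2` and the addresses are constructed for the example.

```python
import re

# Constructed sample of "diagnose debug flow" output (not captured from the thread's devices).
# Trace 1: the ping is routed into the tunnel and allowed by a policy.
# Trace 2: the ping is routed out the WAN instead and hits the implicit deny (policy 0).
SAMPLE_FLOW = """\
id=20085 trace_id=1 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=1, 192.168.1.10:1->192.168.2.10:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5519 msg="allocate a new session-00000a3b"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-192.168.2.10 via ToBranch2"
id=20085 trace_id=1 func=fw_forward_handler line=743 msg="Allowed by Policy-5:"
id=20085 trace_id=2 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=1, 192.168.1.11:1->192.168.2.10:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=2 func=init_ip_session_common line=5519 msg="allocate a new session-00000a3c"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2581 msg="find a route: flag=04000000 gw-203.0.113.1 via wan1"
id=20085 trace_id=2 func=fw_forward_handler line=743 msg="Denied by forward policy check (policy 0)"
"""

FIELD_RE = re.compile(r'trace_id=(\d+) .*?msg="(.*)"$')
PKT_RE = re.compile(r'\(proto=(\d+), ([\d.]+):\d+->([\d.]+):\d+\) from (\S+)\.')
ROUTE_RE = re.compile(r'find a route: .* via (\S+)')
ALLOW_RE = re.compile(r'Allowed by Policy-(\d+)')
DENY_RE = re.compile(r'Denied by .*?\(policy (\d+)\)')

def parse_debug_flow(text):
    """Group debug-flow lines by trace_id and extract source/destination,
    ingress interface, the egress interface the route lookup chose, and the
    policy verdict for each traced packet."""
    traces = {}
    for line in text.splitlines():
        m = FIELD_RE.search(line)
        if not m:
            continue
        tid, msg = int(m.group(1)), m.group(2)
        t = traces.setdefault(tid, {"verdict": "unknown", "policy": None})
        if (p := PKT_RE.search(msg)):
            t.update(proto=int(p.group(1)), src=p.group(2), dst=p.group(3), ingress=p.group(4))
        elif (r := ROUTE_RE.search(msg)):
            t["egress"] = r.group(1)
        elif (a := ALLOW_RE.search(msg)):
            t.update(verdict="allowed", policy=int(a.group(1)))
        elif (d := DENY_RE.search(msg)):
            t.update(verdict="denied", policy=int(d.group(1)))
    return traces

def vpn_diagnosis(trace, tunnel_name):
    """Answer the two questions from the thread for one trace: did the packet
    route into the tunnel interface, and did a real policy allow it?"""
    if trace.get("egress") != tunnel_name:
        return f"route miss: egress {trace.get('egress')}, expected {tunnel_name} (check static/policy route)"
    if trace["verdict"] != "allowed":
        return f"policy miss: {trace['verdict']} by policy {trace['policy']} ({trace.get('ingress')} -> {tunnel_name})"
    return f"ok: allowed by policy {trace['policy']} via {tunnel_name}"
```

Paste the real `diagnose debug flow` output in place of `SAMPLE_FLOW` and pass the Phase 1 tunnel name of your VPN to `vpn_diagnosis`; a "route miss" points at the routing checks in the replies above, a "policy miss" at the missing VPN-to-LAN policy.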
Copyright 2024 Fortinet, Inc. All Rights Reserved.