I have established an S2S VPN tunnel from my FortiGate-100F to AWS VPC
I can ping from the EC2 to a local device but however, I cannot ping from a local device to my AWS EC2
I have already set up a static route and even tried the policy route but still no luck...
below is the config I have set
Much appreciate any help
Thanks in advance!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Simon,
To further troubleshoot the issue we would need to run the flow debug command on the CLI to check if the traffic is leaving the firewall or not
di de flow filter clear
di de reset
di de flow filter saddr x.x.x.x
di de flow filter daddr y.y.y.y
di de flow filter proto 1
di de flow show function-name
di de flow show iprope enable
di de flow trace start 1000
di de en
Where x.x.x.x is the source ip address and y.y.y.y is the destination ip address. After running the command, please try to initiate a ping from a test pc to the other site
To disable the logs on the firewall, please run the command
di de di
Refer link: https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/54688/debugging-the-packet-flow
Regards
Hi Simon,
To further troubleshoot the issue we would need to run the flow debug command on the CLI to check if the traffic is leaving the firewall or not
di de flow filter clear
di de reset
di de flow filter saddr x.x.x.x
di de flow filter daddr y.y.y.y
di de flow filter proto 1
di de flow show function-name
di de flow show iprope enable
di de flow trace start 1000
di de en
Where x.x.x.x is the source ip address and y.y.y.y is the destination ip address. After running the command, please try to initiate a ping from a test pc to the other site
To disable the logs on the firewall, please run the command
di de di
Refer link: https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/54688/debugging-the-packet-flow
Regards
Created on 06-23-2022 08:15 PM Edited on 06-23-2022 08:37 PM
Thanks for your reply, after debugging the packet flow, I am able to found out the problem, we have set wan1 as the out-going interface for my wifi VLAN which I think messed up the route, now I removed it from the policy route and it is working fine, thanks a lot for the tips!!!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.