I have 2 offices, Site A is Sophos and Site B is Fortigate. I have established a Site-To-Site VPN between the two sites. The tunnel between the two sites is UP, but the Tunnel Interface IPs cannot ping each other and the two sites cannot ping each other. The server under the site cannot ping the opposite endpoint.
The following is relevant information:
Site A (Sophos)
Site B (Fortigate)
(Below Fortigate IPSec Tunnel Status)
Here I'm using Route-based to establish a Site-To-Site VPN connection. I've also tried Policy-based, but neither worked, and I'm not sure if I'm missing any settings.
I can't ping from the tunnel interface 10.212.0.1 to 10.212.0.6, nor does the reverse ping from 10.212.0.6 to 10.212.0.1 work.
I also tried mtr from the server; according to the server's mtr tracking, the data will stop at Fortigate's LAN Gateway.
While pinging the destination, try the following commands to see if the packet flows through the right interfaces:
diag sniffer packet any "host x.x.x.x and icmp" 4
And try the below to see why it is blocked (if so):
diag debug flow filter addr x.x.x.x
diag debug flow filter proto 1
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 100
diag debug enable
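An added example, not part of the original reply: a small Python helper that condenses captured `diag debug flow` output into one verdict per trace, so a silent drop stands out from a packet that really entered the tunnel. The sample lines, interface names (`lan`, `to-siteA`) and LAN addresses are constructed, and the matched message strings are assumed to follow the usual FortiOS wording, which can differ between versions.

```python
import re

# Constructed sample shaped like FortiOS debug flow output with console
# timestamps enabled; addresses and interface names are invented.
SAMPLE = '''\
2024-05-01 10:00:01 id=20085 trace_id=1 func=print_pkt_detail line=5746 msg="vd-root:0 received a packet(proto=1, 192.168.20.10:1->192.168.10.10:2048) from lan. type=8, code=0, id=1, seq=1."
2024-05-01 10:00:01 id=20085 trace_id=1 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-10.212.0.1 via to-siteA"
2024-05-01 10:00:01 id=20085 trace_id=1 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
2024-05-01 10:00:02 id=20085 trace_id=2 func=print_pkt_detail line=5746 msg="vd-root:0 received a packet(proto=1, 192.168.20.11:1->192.168.10.10:2048) from lan. type=8, code=0, id=1, seq=1."
2024-05-01 10:00:02 id=20085 trace_id=2 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-10.212.0.1 via to-siteA"
2024-05-01 10:00:02 id=20085 trace_id=2 func=fw_forward_handler line=811 msg="Allowed by Policy-5:"
2024-05-01 10:00:02 id=20085 trace_id=2 func=ipsecdev_hard_start_xmit line=789 msg="enter IPsec interface-to-siteA"
2024-05-01 10:00:03 id=20085 trace_id=3 func=print_pkt_detail line=5746 msg="vd-root:0 received a packet(proto=1, 192.168.10.10:1->192.168.20.10:2048) from to-siteA. type=8, code=0, id=1, seq=1."
2024-05-01 10:00:03 id=20085 trace_id=3 func=ip_route_input_slow line=2264 msg="reverse path check fail, drop"
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"')
PKT = re.compile(r'received a packet\(proto=\d+, ([\d.]+):\d+->([\d.]+):\d+\) from (.+?)\. ')
ROUTE = re.compile(r'find a route: .*gw-(\S+) via (\S+)')
# Substring -> meaning; assumed wording, extend for your FortiOS version.
VERDICTS = [
    ("Denied by forward policy check", "drop: no firewall policy allows it"),
    ("reverse path check fail", "drop: no route back to source via ingress"),
    ("Allowed by Policy", "allowed by policy"),
    ("enter IPsec interface", "sent into IPsec tunnel"),
]

def summarize(text):
    """Return {trace_id: {src, dst, in_if, out_if, steps}} for each trace."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)  # search, not match: tolerate timestamp prefix
        if not m:
            continue
        tid, msg = int(m.group(1)), m.group(3)
        t = traces.setdefault(tid, {"src": None, "dst": None,
                                    "in_if": None, "out_if": None, "steps": []})
        p, r = PKT.search(msg), ROUTE.search(msg)
        if p:
            t["src"], t["dst"], t["in_if"] = p.groups()
        if r:
            t["out_if"] = r.group(2)
        t["steps"] += [meaning for needle, meaning in VERDICTS if needle in msg]
    return traces

if __name__ == "__main__":
    for tid, t in summarize(SAMPLE).items():
        print(tid, t["src"], "->", t["dst"], t["in_if"], t["out_if"], t["steps"])
```

A trace that ends in a `drop:` step points at policy or routing on the FortiGate; a trace that reaches `sent into IPsec tunnel` with no reply moves the investigation to the remote peer.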
Hi @AEK
Thank you for your help. Today, I conducted various checks again without changing any settings, and suddenly the tunnel started working, but I don't know why. I'm not sure if it's a bug in the Sophos Firewall or some issue with the internet line.
But all the setup steps should be correct.