I'm just getting into the FortiGates and had a dumb question. I have a lab setup with the following:
FortiGate Internal IP: 192.168.1.99 (just using the default)
Internal Group (consists of all available LAN ports):
Port1: Wifi/Mesh AP (hosts get 192.168.68.0/24)
Port2: NAS (192.168.1.50)
The hosts on the Wifi can see each other (of course) and they can get out on to the Internet. They cannot communicate with the NAS. I've tried to create a policy that says anything trying to get to the NAS (and vice-versa) is allowed, with all protocols allowed. Still, I can't communicate with the NAS from a Wifi host.
Do I have to break Port1 out of the Internal group so I can reference it independently and create a static route? Or should the FortiGate already be able to allow internal communications between two directly connected devices, assuming there's a firewall policy correctly configured? Before I overcomplicate it and break the Port1 out, I figured I'd ask here. Appreciated!