Hi,
I gave 5.6.0 a try.
I did the upgrade from 5.2.10 to 5.6.0 on my FortiGate 60D. It was a little odyssey, because the direct update from 5.2.10 to 5.6.0 doesn't work. (After reboot the FG60D failed and didn't come on.) So I had to reinstall 5.2.10 with TFTP and go on with 5.4.4 and after that with 5.6.0. I did not use FortiOS 5.4.x because I had some issues on my first try some months ago.
At the moment everything works fine with my 5.2.10 configuration, but one thing is wrong.
My internal LAN is 192.168.100.x/24.
I have an IPsec VPN site-to-site tunnel with a second LAN, 192.168.101.x/24.
There is one static route definition with destination 192.168.101.0/24 on this interface.
The VPN tunnel comes up, and the routing from outside to inside works as it should. (Everything fine.)
But the other way round it doesn't work. No ping. No traffic. (This is a point I got with FortiOS 5.4.x, too, so it's similar to 5.6.0.)
What I found out is that if I ping
192.168.102.1
192.168.103.1
192.168.104.1
192.168.105.1
192.168.106.1
192.168.107.1
I get an answer from my cable modem, connected to WAN port 2, and I am able to access the cable modem.
```
config system interface
    edit "wan2"
        set vdom "root"
        set ip 94.x.x.x 255.255.255.248
        set allowaccess ping
        set vlanforward enable
        set type physical
        set description "cccccccccccccccc"
        set alias "MAIN_WAN_Unity"
        set fortiheartbeat enable
        set estimated-upstream-bandwidth 200000
        set estimated-downstream-bandwidth 25000
        set role wan
        set snmp-index 3
        set secondary-IP enable
        config secondaryip
            edit 6
                set ip 94.x.x.x2 255.255.255.255
                set allowaccess ping fgfm
            next
            edit 7
                set ip 94.x.x.x3 255.255.255.255
                set allowaccess ping fgfm
            next
            edit 8
                set ip 94.x.x.x4 255.255.255.255
                set allowaccess ping fgfm
            next
            edit 9
                set ip 94.x.x.x5 255.255.255.255
                set allowaccess ping fgfm
            next
        end
    next
end
```
If I disable the static route to the 192.168.101.0 subnet, the same thing is working on port 192.168.101.1.
So what's going wrong?
config
I cannot find any routing table for this sub-LAN.
My FG60D is configured with the hardware switch option for the internal 7 ports.
```
config system interface
    edit "internal"
        set vdom "root"
        set ip 192.168.100.99 255.255.255.0
        set allowaccess ping https ssh http fgfm capwap
        set vlanforward enable
        set type hard-switch
        set stp enable
        set fortiheartbeat enable
        set role lan
        set snmp-index 1
    next
end
config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "internal1"
            next
            edit "internal2"
            next
            edit "internal3"
            next
            edit "internal4"
            next
            edit "internal5"
            next
            edit "internal6"
            next
            edit "internal7"
            next
        end
    next
end
```
Any ideas what's going wrong?
Routing table:
```
S*      0.0.0.0/0 [10/0] via 94.x.x.x, wan2, [10/0]
C       94.x.x.x1/29 is directly connected, wan2
C       94.x.x.x2/32 is directly connected, wan2
C       94.x.x.x3/32 is directly connected, wan2
C       94.x.x.x4/32 is directly connected, wan2
C       94.x.x.x5/32 is directly connected, wan2
C       169.254.1.1/32 is directly connected, ssl.root
C       192.168.100.0/24 is directly connected, internal
S       192.168.101.0/24 [5/0] is directly connected, Fritzbox-P1, [5/0]
C       192.168.105.0/24 is directly connected, Hotspot
```
Thanks for help
Martin