Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mas1971
New Contributor III

Static Routing FortiOS 5.6.0 / 5.4.4

Hi,

 

i give 5.6.0 a try.

i did the Upgrade from 5.2.10 to 5.6.0 on my Fortigate 60D. It was a little odysee, because the direct update from 5.2.10 to 5.6.0 doesn´t work. (After reboot the FG60D fails an didnt came on.) So i have to reinstall 5.2.10 with TFTP and go on with 5.4.4 and after that with 5.6.0. I did not use Fortios 5.4.x because i had some issues by my first try some month ago.

 

In the moment everything works fine with my 5.2.10 configuration, but one thing is wrong.

 

my internal LAN is 192.168.100.x/24

i have got a IPsec VPN SITE:SITE Tunnel with a second LAN 192.168.101.x/24

There is one static route definition with Destination 192.168.101.0/24 on this Interface.

 

VPN Tunnel cames up, and the Routing from Outside to Inside works, as it should. (Averything fine)

But the other way round it doen´t work. No Ping. No traffic. (This is a point i got whith Fortios 5.4.x, too so its similar to 5.6.0)

 

What i find out is, that if i ping

192.168.102.1

192.168.103.1

192.168.104.1

192.168.105.1

192.168.106.1

192.168.107.1

 

i got a anwser from my cable modem, connected to WAN Port 2 and i am able to acces the cable modem.

 

config system interface     edit "wan2"         set vdom "root"         set ip 94.x.x.x 255.255.255.248         set allowaccess ping         set vlanforward enable         set type physical         set description "cccccccccccccccc"         set alias "MAIN_WAN_Unity"         set fortiheartbeat enable         set estimated-upstream-bandwidth 200000         set estimated-downstream-bandwidth 25000         set role wan         set snmp-index 3         set secondary-IP enable         config secondaryip             edit 6                 set ip 94.x.x.x2 255.255.255.255                 set allowaccess ping fgfm             next             edit 7                 set ip 94.x.x.x3 255.255.255.255                 set allowaccess ping fgfm             next             edit 8                 set ip 94.x.x.x4 255.255.255.255                 set allowaccess ping fgfm             next             edit 9                 set ip 94.x.x.x5 255.255.255.255                 set allowaccess ping fgfm             next         end     next end

i f disable the static route to the 192.168.101.0 subnet, same thing is workiing on port 192.168.101.1

so whats going wrong?

config

i cannot find any routing table for this sublan

My FG60D is configured with hardware Switch option for the internal 7 Ports.

 

config system interface

    edit "internal"         set vdom "root"         set ip 192.168.100.99 255.255.255.0         set allowaccess ping https ssh http fgfm capwap         set vlanforward enable         set type hard-switch         set stp enable         set fortiheartbeat enable         set role lan         set snmp-index 1     next

config system virtual-switch     edit "internal"         set physical-switch "sw0"         config port             edit "internal1"             next             edit "internal2"             next             edit "internal3"             next             edit "internal4"             next             edit "internal5"             next             edit "internal6"             next             edit "internal7"             next         end     next end

Any Ideas whats going wrong?Routing Table

 

S*      0.0.0.0/0 [10/0] via 94.x.x.x, wan2, [10/0] C       94.x.x.x1/29 is directly connected, wan2 C       94.x.x.x2/32 is directly connected, wan2 C       94.x.x.x3/32 is directly connected, wan2 C       94.x.x.x4/32 is directly connected, wan2 C       94.x.x.x5/32 is directly connected, wan2 C       169.254.1.1/32 is directly connected, ssl.root C       192.168.100.0/24 is directly connected, internal S       192.168.101.0/24 [5/0] is directly connected, Fritzbox-P1, [5/0] C       192.168.105.0/24 is directly connected, Hotspot

Thanks for help

Martin

 

 

 

 

 

 

 

 

 

 

 

 

 

Best wishes out of Germany
Best wishes out of Germany
0 REPLIES 0
Labels
Top Kudoed Authors