Yac
New Contributor

Static route between 2 fortigates does not work correctly.

Hi,

If I summarize correctly, we have 2 sites A and B.

On site A, we have the fortigate which is a NAT router and the ISP's internet connection is connected to the fortigate.
On site A, we have the fortigate which is a NAT router and the ISP's Internet connection is connected to the fortigate's WAN port.
On site B, we have a 2nd Fortigate, and have connected port 1 of Fortigate1 to the WAN1 of the second Fortigate.
On the LAN of the second FortiGate, we've allocated the CCTV cameras, and we'd like to view them from our site A.

Fortigate1 LAN IP address: 172.20.100.1/24

Fortigate 2 LAN IP address: 192.168.1.1/24

Fortigate1 WAN IP address: 10.1.10.1

Fortigate2 WAN IP address: 10.1.10.2

Yacer ALI
dingjerry_FTNT

Thank you, and this is much better and it proves that this statement is incorrect:

 

Fortigate1 WAN IP address: 10.1.10.1

 

It is port4 interface with the IP address 10.1.10.1

I assume that the CCTV cameras have the IPs from the 192.168.1.0/24 subnet, correct?

 

Do they allow source IP from IPs other than the 192.168.1.0/24 subnet?  

 

1) On FGT1, create a static route for the 192.168.1.0/24 subnet with interface port4 and default gateway 10.1.10.2;

 

2) On FGT2, create a static route for the 172.20.100.0/24 subnet with interface wan1 and default gateway 10.1.10.1;

 

3) Create appropriate firewall policies on FGT1 and FGT2 respectively. If the CCTV cameras do not like source IPs other than the 192.168.1.0/24 subnet, you may enable NAT in the inbound firewall policy on FGT2.

Regards,

Jerry
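Jerry's three steps above written out as FortiOS CLI, added here as an illustration and not Jerry's or Fortinet's own configuration; it uses the addresses from the original post, and the LAN interface names "internal" (FGT1) and "lan" (FGT2) are assumptions.

```fortios
# FGT1 (site A): route the CCTV subnet out port4 and allow LAN -> port4.
# "internal" is an assumed LAN interface name; the OP's LAN is 172.20.100.0/24.
config router static
    edit 0
        set dst 192.168.1.0 255.255.255.0
        set gateway 10.1.10.2
        set device "port4"
    next
end
config firewall policy
    edit 0
        set name "SiteA-to-CCTV"
        set srcintf "internal"
        set dstintf "port4"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end

# FGT2 (site B): return route via wan1 and an inbound policy limited to the site A
# source. "lan" is assumed; NAT is enabled only if cameras reject non-192.168.1.0/24 sources.
config firewall address
    edit "SiteA-LAN"
        set subnet 172.20.100.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 172.20.100.0 255.255.255.0
        set gateway 10.1.10.1
        set device "wan1"
    next
end
config firewall policy
    edit 0
        set name "SiteA-to-CCTV-inbound"
        set srcintf "wan1"
        set dstintf "lan"
        set srcaddr "SiteA-LAN"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

After applying, `get router info routing-table all` on each unit should list the remote subnet via the directly connected peer. If pings still fail, `diagnose debug flow` on FGT2 shows which policy (or the implicit deny) handles the inbound packet.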
Yac

Thank you for your support.
I'm sending the screenshots of my configuration according to your suggestion.
And sorry, I got the IP address of the FG1 LAN wrong: 172.20.99.1/29
But I still can't ping the IP address of the camera which is 192.168.1.175.
I can't figure out what's blocking it.

Attachments: PC IP.jpg, Policy FG1.jpg, Policy FG2.jpg, Static route FG1.jpg, Static route FG2.jpg

Yacer ALI
Toshi_Esumi

You need to draw in Site A and a VPN between two sites as well in the same diagram. Then, the static routes you need become obvious.

Toshi

dingjerry_FTNT

In his network diagram, since port4 on FGT1 and wan1 on FGT2 are in the same subnet, I assume that they can talk to each other. 

 

In this case, it's not necessary to use IPsec VPN, unless the path between FGT1 and FGT2 is not secured.

Regards,

Jerry
Toshi_Esumi

His drawing is Site B only. In his original post, he said he wanted to access the cameras from Site A. That's why I mentioned he needed a VPN between Site A and Site B.


Toshi

dingjerry_FTNT

Not really, based on his description, FGT1 is in Site A, and FGT2 is in Site B.

Regards,

Jerry
Toshi_Esumi

@Yac Is this all you have? Then I have an English problem myself.


<edit>After I re-read your original post, I can see FortiGate1 is at Site A and FortiGate2 is at Site B and those are NOT separated by the internet but directly connected by a physical cable. And the internet/NAT is ONLY at Site A. Then, you can ignore all of my comments. Sorry about that.</edit>

 

Toshi
