Hi!
I have two SVIs living in my core router. I am using transport link 10.254.1.1 and 10.254.1.2 from Core to Fortigate.
Fortigate port1: 10.254.1.2
Fortigate Port2: 10.98.1.200 for management like ssh
SVI on Core 10.254.1.1
SVI 100= 10.100.1.1
SVI 200= 10.98.1.1
If I set the static route like 10.0.0.0/255.0.0.0 next hop via 10.254.1.1 then I can access the internet from both SVIs, but if I set the static routes as 10.100.1.0/255.255.255.0 next hop via 10.254.1.1 and 10.98.1.0/255.255.255.0 via 10.254.1.1 then I cannot access the internet from the 10.98.1.0 network.
Also, from the 10.100.1.0 network I cannot reach 10.98.1.200.
If I can set diagnose I can see that the SYN is arriving on port 22, and the same with the ICMP echo request.
Any tips for a solution?
Thanks
I can see that 10.98.1.0 is showing as a directly connected route, so I don't need to have any route for it as it's directly connected, but strangely, if I set the route to just 10.100.1.0/255.255.255.0 next hop via 10.254.1.1 then I cannot reach the FW management or the internet from the 10.98.1.0 network. The access rule is in place.
Just in case you declared the port as "dedicated to management": mgmt ports don't route. They are for OOB management within the same LAN.
I have now moved the management to OOB from port 2 and my management network is showing in the connected routes on the firewall. What if I want to reach the internet from OOB?
The mgmt port usually is not included in the routing table. On some models, there is no 'dedicated' mgmt port, and thus the port behaves in the usual manner, i.e. it routes traffic to the internet via the default route (policy assumed).
I've got no experience with VM FGTs in this respect, maybe someone else could chime in.
OK, thanks for the input. Like I said, if I put 10.0.0.0/8 pointing to my next internal hop then it works, but if I make it more subnet-wise then it doesn't work.