I recently subscribed to a fixed IP (IPv4) line with Flets Cross and configured a VNE tunnel from FortiGate, but I was unable to connect to the internet. I would appreciate it if you could provide me with a solution to this problem.
I followed the instructions in the following document:
https://www.fortinet.com/content/dam/fortinet/assets/deployment-guides/ja_jp/fg-jpne-v6plus.pdf
Device and Version Information:
Line Information:
Thank you for your time and assistance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I used the Ip Pool for the NAT between the Internal and wan1 interfaces,the DNS is good the fortigate can not access any external ip addresses beside the default gateway i think its because the FGT is using the wan address instead of the nat address
Thank you for your reply.
I apologize for my lack of understanding, but I am unable to resolve names, etc. even from the FortiGate CLI,
It appears that you are not able to connect to the Internet because the VNE tunnel is not properly constructed.
*I am using FortiGate for self-learning, so it is possible that there is a rudimentary problem.
Hi,
First of all, you dont seem to have DNS servers set on the FGT, the reason why you cant resolve google.com , are any set ?
Secondly, while trying to ping 8.8.8.8 , do you have a static ipv4 route for this traffic to be able to exit the local device ?
If you want to use ipv6 , then you should try execute ping6 IP/HOSTNAME
Also, a ipv6 route should be also installed in the routing table, you can check with, get router info6 routing-table static
Hi,
>First of all, you dont seem to have DNS servers set on the FGT, the reason why you cant resolve google.com , are any set ?
0.0.0.0 is set to the DNS server in order to configure the DNS server obtained by DHCPv6 information request.
>Secondly, while trying to ping 8.8.8.8 , do you have a static ipv4 route for this traffic to be able to exit the local device ?
Yes, there is.
Static route is configured to the vne.root interface.
However, we believe that the vne.root tunnel is not configured correctly and that the connection to the Internet is not working.
Created on 05-02-2024 04:26 AM Edited on 05-02-2024 04:31 AM
Hi,
Please try and override the DNS server settings and use some custom ones, like 1.1.1.1 or 8.8.8.8 instead of 0.0.0.0 or whatever is available for you in terms of public DNS's .
This can be done from Network > DNS > Specify and input the IP's or from CLI , https://docs.fortinet.com/document/fortigate/7.4.3/cli-reference/28620/config-system-dns
I overwrote the DNS server, but could not resolve the name as well.
I see.
Can you confirm that you have done the steps from the link, 2-5 , 2-6 ( i can see that it's done ) , 2-7 and 2-8 ?
After those, you should get the IPv6 address from step 3-2 which in your case laddr and raddr is not populated.
L.E. also, on step 2-1 on port37 under config ipv6 , you have set the interface-identifier as the HWaddr of port37, right ? Which you can find using this command ,
get hardware nic port37 | grep Hwaddr
I have configured everything, but are not able to get IPv6 to the WAN interface (port37).
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.