I have a FortiGate VM64-AWSONDEMAND EC2 instance with 2 network interfaces:
192.168.10.5 (external one)
192.168.30.0 (internal)
The VPC has 2 route tables:
Public and internal
Public route table:
destination: 0.0.0.0
target: internet gateway
included subnet: 192.168.10.0
Behind the FortiGate firewall I have a Windows instance in the 192.168.30.0/24 subnet
Private route table:
destination: 0.0.0.0
target: "internal" FortiGate firewall interface
included subnet: 192.168.30.0
For all devices on the "internal" network, the default route will be the internal interface of the FortiGate router (it's specified in the Forti "cookbook")
I created a proxy policy and proxy rule, and specified the FortiGate internal IP address as the proxy in the browser. I can browse the internet from the Windows instance, but am unable to ping 8.8.8.8
I created an IPv4 rule to allow all traffic from the LAN (192.168.30.0) to any address
Problem:
If I remove the proxy policy and the proxy address from the browser, I can't search the internet and am unable to ping 8.8.8.8
I CAN ping the FortiGate internal and external interfaces
I followed this guide: https://cookbook.fortinet...ble-associate-subnets/
Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:
0 WIN-0675NFPK57B.eu-west-1.compute.internal [192.168.30.49]
1 * * *
Computing statistics for 0 seconds...
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0 WIN-0675NFPK57B.eu-west-1.compute.internal [192.168.30.49]
UPDATE:
Managed to solve it:
It was a metric issue: it was the same on the Windows machine and on the FortiGate (10). I just reduced it to a lower value on the FortiGate and everything started working.
Copyright 2024 Fortinet, Inc. All Rights Reserved.