Hi All,
We have a FortiGate 30E running FortiOS 6.2, which is connected to a D-Link GS1900 switch.
We created three VLANs (VLAN ID = 1, 2, 3) and each VLAN is an independent subnet (192.168.0.x, 192.168.2.x, and 192.168.3.x).
We put our servers on the 192.168.3.x subnet, and we found they cannot connect to the internet.
We tried static routing and it didn't work, and we finally succeeded using the following policy routing:
Incoming interface: VLAN3
Source: Our server in VLAN3
Destination: 0.0.0.0/0
Outgoing interface: VLAN1
Gateway: 192.168.0.1
We have done some tests to see the effects of the routing policy, but it is very weird to us that the server in VLAN3 can still connect to the internet even after we delete the above policy routing (it could not work until we created this route... how come it still works now without this route!!)
Could you advise us what is the most accurate/correct routing setting for VLAN3 to the internet?
Thank you.
Hi,
Please check the routing table and run the sniffer commands to check where the traffic is going out.
Putty 1
----------
# get router info routing-table all
# get router info routing-table details y.y.y.y
*** y.y.y.y is the destination IP ***
Putty 2
--------
# diagnose sniffer packet any "host x.x.x.x and host y.y.y.y" 4 0 l
*** x.x.x.x is the Source IP address and y.y.y.y is the destination IP ***
ctrl+C to stop
To check the inactive route in the routing table follow the KB - https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-identify-Inactive-Routes-in-the-Rou...
Best regards,
Erlin
Hi,
Everything looks fine and the traffic is going out.
50.168593 192.168.3.77.80 -> X.X.X.X.53166: psh 2322244479 ack 562670634
50.177976 X.X.X.X.53166 -> 192.168.3.77.80: ack 2322245191
50.177981 X.X.X.X.53166 -> 192.168.3.77.80: ack 2322245191
50.177984 X.X.X.X.53166 -> 192.168.3.77.80: ack 2322245191
And following is my routing table now:
S* 0.0.0.0/0 [10/0] via A.A.A.A, wan
C A.A.A.0/24 is directly connected, wan
is directly connected, wan
C 192.168.0.0/24 is directly connected, lan
C 192.168.2.0/24 is directly connected, VLAN2
C 192.168.3.0/24 is directly connected, VLAN3
What I don't know now and am very confused is:
1. What is the correct way to set routing for a VLAN?
2. Should I do static routing or policy routing? (I tried static routing before but failed. I succeeded with policy routing, but I found it still works now even after I delete all the static or policy routing)