GOAL:
1. VXLAN between 2 sites
2. Users on LAN port4 can go to the Internet
REFERENCES
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38614
https://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD40170&languageId=
QUESTIONS: I notice:
1. If I set an IP on the LAN interface port4, I can't add that NIC as a soft switch member.
2. If I don't set an IP on the port4 LAN interface, then what is the gateway for all the user PCs?
Without a gateway, how can users go to the Internet?
Thank you.
UPDATE1:
- Ping between sites is working after following this:
https://aventistech.com/extend-layer2-network-across-data-center-with-fortigate-vxlan/
Now my problem is allowing LAN users to go to the Internet.
This policy still won't allow LAN users to go to the Internet:

    config firewall policy
        edit 1
            set srcintf "FGT1-SW"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set schedule "always"
            set service "ALL"
            set logtraffic disable
        next
    end

How come I can't "set nat enable"?
How do I allow LAN users to go to the Internet?
UPDATE2:
STATUS: WORKING
There was some misconfiguration in the firewall policy.

    config firewall policy
        edit 1
            set name "FGT1-SWtoWAN"
            set uuid 556a328e-4d37-51ea-7a1a-880bb60617f9
            set srcintf "FGT1-SW"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set inspection-mode proxy
            set logtraffic disable
            set nat enable
        next
    end
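
Added example, not part of the original post: a small Python audit that parses `config firewall policy` text and flags the two settings that separate the non-working policy from the working one above. It assumes a policy without `set action accept` takes the default action of deny; `parse_policies` and `audit` are hypothetical helper names, and the sample text is constructed from the post's first policy.

```python
import shlex

# Constructed sample: the first policy from the post, one setting per line.
BEFORE = """config firewall policy
edit 1
set srcintf "FGT1-SW"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic disable
next
end"""
# The working policy adds these two settings (name, uuid, inspection-mode omitted).
AFTER = BEFORE.replace("next", "set action accept\nset nat enable\nnext")

def parse_policies(text):
    """Parse policy CLI text into {policy_id: {setting: [values]}}."""
    policies, current = {}, None
    for raw in text.splitlines():
        tokens = shlex.split(raw.strip())  # shlex strips the double quotes
        if not tokens:
            continue
        if tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
    return policies

def audit(policy, wan_intfs):
    """Return findings for a policy whose dstintf is one of wan_intfs."""
    findings = []
    if not set(policy.get("dstintf", [])) & set(wan_intfs):
        return findings  # not an Internet-bound policy, nothing to check
    if policy.get("action", ["deny"]) != ["accept"]:  # assumption: default is deny
        findings.append("no 'set action accept': policy does not permit traffic")
    if policy.get("nat", ["disable"]) != ["enable"]:
        findings.append("no 'set nat enable': LAN source addresses are not translated")
    return findings

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for pid, pol in parse_policies(text).items():
            print(label, "policy", pid, audit(pol, ["port1"]) or "ok")
```
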