Site B is accessing internet through MPLS, the MPLS is directly to the switch without any control, I'm now would like to use a Forti 100D or 200E to do policy control, but after virtual wire pair set, it cannot access to internet.
the virtual wire pair is set to open all service and all source but still cannot go to 170.10.1.13.
I'm also try to use software switch, but after grouped port 3 and port 4, it cannot control by policy and just working like a switch.
Any wrong setting on the virtual wire pair? please help... Many thanks
Original Setting
After below setting, it cannot access to 170.10.1.13
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
If the subnet 170.10.1.0/24 is on a vlan interface, you should consider allowing wildcard vlan on vwire.
Best regards,
Jin
it is not a vlan, no matter the VLAN wildcard is enable or disable which cannot connect. it likely cannot route back to the other port in the same device.
Please post the configs of vwire, firewall policy and port3 and port4 config. Also, did sniffer shows packets arriving on port3 for destination 170.10.1.13?
best regards,
Jin
Just a basic setting I applied, below port is down because I put it into other Fortigate device already, the virtual wire pair can working normally if it do not need to go back to other port in the same device.
The tracert result is cannot route to the other port in the same device, actually I tried many cases same as this case, the virtual wire pair cannot go to other port which in the same device.
New setting:
it is successful after split into two devices, I don't know it is bug or other problem.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1561 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.