Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MG1
New Contributor II

Created on ‎06-06-2022 07:36 AM

Vlan routing

HI all,

as per diagram,the three sites are configured with BGP and all is working properly.

All the networks are received trough BGP from both FGTs and from Cisco R1.

Now the problem is when i configure Vlan in FGT.

As per diagram,vlans configured trough cisco router as L3 device are working properly,buuut the Vlan I configured on SITE-C FGT (Vlan 50)the network is published trough BGP to all the sites,but the PC4 is only able to ping his GW but any site.

I don't understand if is a bug or something not configured properly.Wireshark only give "no response found" for ping request.

Either PC4 can't be pinged from any other site.

Basically,all network is working proiperly,only vlans configured in FGT are not working.

Thanks in advance!diagram.jpg

Labels:
1914
0 Kudos
1 Solution
MG1
New Contributor II
In response to MG1

Created on ‎06-09-2022 11:55 PM

After struggling for a solution,i removed FGT SITE-C and configured entirely again and issue solved!

Thanks all for support!

View solution in original post

1850
0 Kudos
7 REPLIES 7
Muhammad_Haiqal
Staff
Staff

Created on ‎06-07-2022 01:04 AM

Thank you for the diagram. May i know, PC4 gateway is on Site-C-SW1 or Site-C Fortigate? Basically PC4 need to reach Fortigate VLAN50 IP address 1st. In your case, im afraid, there are VLAN misconfiguration on the Site-C-SW1.

Here is my idea to check connectivity:
On Site-C-SW1, configure VLAN50 IP address.
From this SW1, ping to VLAN50 of Fortigate. 
This is to verify connectivity between switch and Fortigate.

Then, From PC4, ping to Site-C-SW1, then Site-C Fortigate.
You may have some finding if the issue related to Fortigate or Switch configuration.

Hope that helps.

haiqal
1868
0 Kudos
MG1
New Contributor II
In response to Muhammad_Haiqal

Created on ‎06-07-2022 01:09 AM

Hi Muhammad,thanks for reply.

Vlan 50 GW is on SITE-C FGT and Is reachable from PC4.

172.4.1.0/24 Is correctly anounced trough BGP as well.

Regards 

1865
0 Kudos
Muhammad_Haiqal
Staff
Staff
In response to MG1

Created on ‎06-07-2022 02:57 AM

Hi MG1,
Thank you for your respond. 
On site-C fortigate, please verify if the routing table is correct. This fortigate can handle how to send out the traffic, however does not have control on how the traffic coming back.

Example:
Site-C fortigate already sent traffic to SiteB-R1. Now traffic will be handle by this SiteB-R1.
In real life, you can consider, parcel has been sent to Fedex(SiteB-R1). Now depend to Fedex how to handle the route.


This KB might be helpful:

 

 

haiqal
1860
0 Kudos
MG1
New Contributor II
In response to Muhammad_Haiqal

Created on ‎06-08-2022 10:01 PM

HI Muhammad,

thanks again for your reply.

SITE-C FGT is configured correctly,e.g. SITE-C FGT port 3 has no vlan configured and his network 172.3.1.1/24 can be reached by other 2 sites.

The problem is when i configured a FGT port with Vlan ,for this i don't know if is some kind of FGT VM limitation,bug or something wrong configured.

Thanks in advance.

1854
0 Kudos
Debbie_FTNT
Staff
Staff
In response to MG1

Created on ‎06-09-2022 12:59 AM

Hey MG1,

you could narrow down where the break in connection occurs with traceroute command; that would let you know how many hops the traffic goes through before failing.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
1849
0 Kudos
MG1
New Contributor II
In response to Debbie_FTNT

Created on ‎06-09-2022 01:19 PM

Hi Debbie,thanks for your reply.

Any trace with destination PC4 stops at his BGP gateway and same for PC4 to other sites. Weird thing is that only happens when i configure vlans on FGT,if i i connect PC4 straight to port 4,works with no issues.

I'm missing something but don't get what.All the BGP routes are correctly sent/received on all the neighbours.

1841
0 Kudos
MG1
New Contributor II
In response to MG1

Created on ‎06-09-2022 11:55 PM

After struggling for a solution,i removed FGT SITE-C and configured entirely again and issue solved!

Thanks all for support!

1851
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.