Matie
New Contributor

What is missing - Routing, NAT or Policy

Hello, I am a beginner with FortiGate and I would like to know what I should do to get this working. I have port 1 configured as a management port. It's DHCP and the address is 192.168.76.130. The client is configured as a DHCP client and its address is in that network, 192.168.76.0/24 (before .129, now actually .135). On the FortiGate I have configured a DHCP server on port 8. The current IP address is 192.168.21.1/24, and the DHCP client has 192.168.21.100/24. Please check the pictures. What should I configure if I want to ping from one side to the other? From 192.168.76.135 to 192.168.21.100. I don't know whether I have to set a default route, NAT that, or configure some kind of policy. Can you help? Take the management port as the internet and the DHCP client as a private network. I hope it's clear. Thank you.

[Attachments: Connection.jpg, Ping from DHCP Client.jpg, Ping.jpg, Ports Configuration.jpg]

zhiqiang
New Contributor II

Can you share the policy for the FortiGate?

Matie
New Contributor

Hi, I didn't create a policy. I tried to create one, but it didn't work, so I deleted it and now there is only the implicit deny. I am waiting for someone to suggest how the policy should look. Everything is blank. There is no route, no NAT and no policy. How should I configure the policy? Thanks

Zhuo
New Contributor III

Hi Matie.
Please check the firewall policy.

The problem should be in the FortiGate's IPv4 policy.

Best regards.

Zhuo
New Contributor III

Hi Matie.
There are two FortiGate IPv4 policy rules:

Article 1: port8 to port1
Article 2: port1 to port8

This allows for interoperability.

Zhuo
New Contributor III

No need to enable NAT.

Matie
New Contributor

Hi Zhuo

I actually tried that. I was able to reach and ping from 192.168.21.100 to 192.168.76.135 (port 8 to port 1 worked) but not vice versa. I have set source and destination to ALL and also service to ALL. Now I am at work. Once I am at home I will share pictures of the policies and the results of these policies.

Zhuo
New Contributor III

Good, Matie.
Notice: open two IPv4 policies.
Article 1: port8 to port1
Article 2: port1 to port8

Matie
New Contributor

Hi Zhuo. I have set the policies as you told me. However, I cannot ping from Net to Private. Please check the pictures. Notice that the address range has changed because of DHCP on the Net side. I can ping from Private, that is from 192.168.21.100 to Net 192.168.76.129, but I cannot ping vice versa although the policies are in place. It looks like all traffic is denied by the implicit deny. I don't know why. NAT is enabled, but that is not the problem. I have also tried without NAT.
[Attachments: Firewall Policies.jpg, Permit all from Net.jpg, Permit all from Private.jpg, Ping from Net.jpg, Ping from private.jpg]
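For readers following the thread, this is an added example (not posted by Matie or Zhuo) of the two port1/port8 policies Zhuo describes, entered from the FortiGate CLI, followed by a flow trace that shows which policy, or the implicit deny (policy 0), the Net-to-Private ping actually hits. The policy IDs, policy names and the `logtraffic` setting are assumptions; the interface names, the "all"/"ALL" objects and the client address 192.168.76.129 come from the thread.

```fortios
# Two IPv4 policies, one per direction, no NAT (as Zhuo suggests).
# Policy IDs 1/2 and the names are assumed; adjust to free IDs on your unit.
config firewall policy
    edit 1
        set name "Private-to-Net"
        set srcintf "port8"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
    edit 2
        set name "Net-to-Private"
        set srcintf "port1"
        set dstintf "port8"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
end

# Trace ICMP (proto 1) from the Net client while the ping is running.
# The output reports the matched policy ID; the implicit deny shows as policy 0.
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 192.168.76.129
diagnose debug flow filter proto 1
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
# ... start the ping from 192.168.76.129 to 192.168.21.100, then stop tracing:
diagnose debug disable
diagnose debug reset
```

If the trace shows policy 2 accepting the packet but the ping still fails, the policy is not the blocker: with NAT disabled, the Net-side host (and anything else on 192.168.76.0/24 that must reply) needs a route to 192.168.21.0/24 via the FortiGate's port1 address, 192.168.76.130, or its replies go to its own default gateway instead.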
