Hello, I am a beginner with FortiGate and I would like to know what I should do to get this working. I have port 1 configured as a management port. It's DHCP and the address is 192.168.76.130. The client is configured as a DHCP client and its address is in that network, 192.168.76.0/24 (before .129, now actually .135). On the FortiGate I have configured a DHCP server on port 8. The current IP address is 192.168.21.1/24, and the DHCP client has 192.168.21.100/24. Please check the pictures. What should I configure if I want to ping from one side to the other end, from 192.168.76.135 to 192.168.21.100? I don't know whether I have to set a default route, or NAT that, or configure some kind of policy. Can you help? Take the management port as the internet and the DHCP client as a private network. I hope it's clear. Thank you
Can you share the policy for the FortiGate?
Hi, I didn't create a policy. I have tried to create one, but it didn't work, therefore I deleted it and now there is only the implicit deny. I am waiting for someone to suggest how the policy should look. Everything is blank. There is no route, no NAT and no policy. How should I configure the policy? Thanks
Hi Matie.
Please check the firewall policy.
The problem should be in the FortiGate's IPv4 policy.
Best regards.
Hi Matie.
There are 2 FortiGate IPv4 policy rules:
Article 1: port8 to port1
Article 2: port1 to port8
This allows for interoperability.
No need to enable NAT.
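The two policies described in the reply above (port8 to port1 and port1 to port8, NAT off), written out as FortiOS CLI. This is an added example, not part of the original thread; the policy names are assumptions, and `edit 0` lets FortiOS assign the next free policy ID.

```fortios
config firewall policy
    # Private network (port8) towards the "internet" side (port1)
    edit 0
        set name "private-to-net"
        set srcintf "port8"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        # Log every session so the matching policy ID is visible
        set logtraffic all
    next
    # Reverse direction: "internet" side (port1) towards the private network (port8)
    edit 0
        set name "net-to-private"
        set srcintf "port1"
        set dstintf "port8"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
end
```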
Hi Zhuo
I actually tried that. I was able to reach and ping from 192.168.21.100 to 192.168.76.135 (port 8 - port 1 worked) but not vice versa. I have set source and destination as ALL and also service as ALL. Now I am at work. Once I am at home I will share pictures of the policies and the results of these policies.
Good Matie.
Notice, it is to open two IPv4 policies:
Article 1: port8 to port1
Article 2: port1 to port8
Hi Zhuo. I have set the policies as you told me. However, I cannot ping from Net to Private. Please check the pictures. Notice that the address range has changed because of DHCP on the Net side. I can ping from private, that means from 192.168.21.100 to Net 192.168.76.129, but I cannot ping vice versa although the policies are in place. It looks like all traffic is denied by the implicit deny. I don't know why. NAT is enabled, but that is not a problem. I have also tried without NAT.