
What is missing - Routing, NAT or Policy

Hello, I am a beginner with FortiGate and I would like to know what I should do to get this working. I have port 1 configured as a management port. It's a DHCP and address is Client is configured as DHCP client and his address is in that network (before .129 now actually .135). On a FortiGate I have configured a DHCP server on port 8. Current IP address is And DHCP Client has Please check pictures. What should I configure if I want to ping from one site to the other end? From to I don't know whether I have to set default route, or NAT that or configure some kind of policy. Can you help? Take management port as an internet and DHCP client as a private network. I hope it's clear. Thank You

Connection.jpg, Ping from DHCP Client.jpg, Ping.jpg, Ports Configuration.jpg



Hi Zhuo, do you know why I can ping 1 way and second way not?


You don't need NAT here since your FortiGate is the Gateway on both "endpoints" and the FGT does have an interface in both subnets. NAT might even be counterproductive here.

Try to disable it. The rest of your policies look good so far.


Basically all you need is a policy to allow traffic from port1 to port8. Then you can ping from port1 subnet to port8 subnet.

If you want to ping from port 8 subnet to port1 subnet you need the reverse policy to the above one too.

Only if on the endpoints the FortiGate is NOT your default gateway you would need a static route to the "opposite" subnet on each endpoint that has the FGT as gateway.


"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
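The two policies described in the answer above, as an added FortiOS CLI example that is not part of the original posts. The policy names are hypothetical, `edit 0` lets the FortiGate assign the next free policy ID, and the service is narrowed to ICMP as an assumption because the question is only about ping.

```fortios
# Added example: names and the ICMP-only scope are assumptions, not from the thread.
config firewall policy
    edit 0
        set name "port1-to-port8-icmp"
        set srcintf "port1"
        set dstintf "port8"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL_ICMP"
        # Both subnets are directly connected, so no address translation.
        set nat disable
    next
    edit 0
        set name "port8-to-port1-icmp"
        set srcintf "port8"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL_ICMP"
        set nat disable
    next
end

# Both interface subnets should appear as connected routes,
# which is why no static route is needed on the FortiGate itself.
get router info routing-table all

# Watch the echo request and reply cross both interfaces while pinging.
diagnose sniffer packet any 'icmp' 4
```

If the sniffer shows the request leaving the far interface but no reply coming back, the FortiGate is forwarding the packet and the remaining check is on the endpoint side.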


Thank You. But I am worried that I don't know how to do that. What do you mean by reverse policy? I have policies 1 to 8 and 8 to 1 so 1 to 8 is reverse to 8 to 1 and vice versa. Am I wrong?

I have tried to do static route but it doesn't work, because I don't know what should be a def gateway in this direction. I have one static route but it is created automatically. I didn't create that. I don't know how it came with that default gateway. Maybe it is caused by DHCP. If I have to create static route, what will be the default gateway from 1 to 8?

Routing.png, Interfaces.png, Static route.png

