Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
afarouk
New Contributor

cant access internet using Fortigate VM

I have deployed Fortigate-VM and I am able to access the GUI.

The firewall can access the internet but as a users I can reach the firewall but no internet connection.

I would like some help if there is any configuration needed on the ESXI or the switch where its connected.

 

1 port connected for LAN and another port connected for WAN.

 

1.jpg2.jpg3.jpg4.jpg5.jpg6.jpg7.jpg

32 REPLIES 32
srajeswaran
Staff
Staff

Can you share "get router info routing-table details 8.8.8.8", and check the forward traffic logs under "logs and report" to see if there are any logs related to your source IP?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

afarouk

for simplicity i removed sd-wan and only created 1 wan port and made changes to the routing and policy for that WAN only

 

8.jpg

afarouk

9.jpg

afarouk

also both the LAN & WAN interfaces on the switch (cisco) configured as trunk.

the LAN interface is used for ESXI and firewall LAN, the WAN interface is separated.

 

srajeswaran
Staff
Staff

From the user machine, are you able to ping the fortigate IP -10.10.100.254 ?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

afarouk

yes i have access to the firewall i am on the same subnet10.jpg

srajeswaran

Can you collect below outfrom firewall after initiating a ping from the user machine towards 8.8.8.8

 

diagnose sniffer packet any "host 8.8.8.8" 4

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

afarouk

11.jpg

srajeswaran

Can you check the arp on user machine "arp -a" and confirm the MAC address for 10.10.100.254 is the correct mac showing under fortigate interface ?

 

get hardware nic port1 -> To find port1 mac address

 

And then run - diagnose sniffer packet port1 "host 8.8.8.8" 6 , to confirm the MAC address on the packet.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Top Kudoed Authors