Issue in ARP response
Hello guys,
I have a problem in my network: I can't ping from outside (port3) to inside (port1) and vice versa, although I think I have configured all the settings correctly: IP addresses, policies and static routing.
This is the static routing and policies configuration:
Router(config)#do show run | in route
ip route 0.0.0.0 0.0.0.0 Ethernet0/3
ip route 192.168.0.0 255.255.0.0 10.10.10.4
Switch#show run | in route
ip route 0.0.0.0 0.0.0.0 Ethernet1/2
FortiGate-VM64-KVM # show system interface
config system interface
edit "port1"
set vdom "root"
set ip 192.168.80.1 255.255.255.0
set allowaccess ping https ssh http fgfm
set type physical
set device-identification enable
set lldp-transmission enable
set role lan
set snmp-index 1
next
edit "port2"
set vdom "root"
set ip 192.168.100.201 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
set snmp-index 2
next
edit "port3"
set vdom "root"
set ip 10.10.10.4 255.255.255.0
set allowaccess ping https ssh snmp fgfm radius-acct ftm speed-test
set type physical
set device-identification enable
set lldp-transmission enable
set role lan
set snmp-index 3
FortiGate-VM64-KVM # show router static
config router static
edit 1
set dst 192.168.0.0 255.255.0.0
set device "port1"
next
edit 2
set distance 11
set device "port3"
next
end
FortiGate-VM64-KVM # show firewall policy
config firewall policy
edit 2
set name "out to in"
set uuid 98a05fec-6245-51ef-b0fd-522e0706dc57
set srcintf "port3"
set dstintf "port1"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
next
edit 1
set name "in to out"
set uuid 8441b62c-6245-51ef-05ea-f3bae959514f
set srcintf "port1"
set dstintf "port3"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
next
end
I tried to ping from the core switch to the router and captured the packets with Wireshark on port1 and port3. The core switch sends an ARP request, but the firewall doesn't forward the ARP request and it doesn't send an ARP response either. When I try to ping from the router to the core switch, the router sends ICMP and the firewall forwards it, but the core switch sends an ARP request again and the firewall doesn't respond to that ARP request either. Someone told me to use proxy ARP and I tried it, but it didn't work, so I removed the proxy ARP. I don't know if I wrote the configuration correctly, but I don't think it would work even if I wrote it correctly.
ping from Router to Core switch
Labels: Firewall policy, FortiGate, Port policy
Hello Abdo
On your FGT static routes, if I'm not wrong, I think you should try completely removing the first entry.
config router static
delete 1
end
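An added example (not from either poster): a small Python check that flags static routes with no next-hop address in the configurations quoted in this thread. On an Ethernet segment such a route makes the sender ARP for the final destination itself rather than for a gateway, which is the kind of ARP request described in the question. The helper names and the rule that a FortiGate entry without `set gateway` is worth flagging are assumptions of this example; blackhole and tunnel routes would need to be excluded in a real audit.

```python
import re

# Constructed sample input: route lines copied from the configs in the thread.
CISCO = {
    "Router": ["ip route 0.0.0.0 0.0.0.0 Ethernet0/3",
               "ip route 192.168.0.0 255.255.0.0 10.10.10.4"],
    "Switch": ["ip route 0.0.0.0 0.0.0.0 Ethernet1/2"],
}
FORTIGATE = """config router static
edit 1
set dst 192.168.0.0 255.255.0.0
set device "port1"
next
edit 2
set distance 11
set device "port3"
next
end"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def cisco_interface_only(lines):
    """Return 'ip route' lines that name an interface but no next-hop IP."""
    flagged = []
    for line in lines:
        parts = line.split()
        if parts[:2] != ["ip", "route"] or len(parts) < 5:
            continue
        # Layout: ip route <dst> <mask> <interface | next-hop> [<next-hop>]
        if not any(IPV4.match(tok) for tok in parts[4:6]):
            flagged.append(line)
    return flagged

def fortigate_no_gateway(text):
    """Return ids of static route entries that carry no 'set gateway' line."""
    flagged, entry, has_gw = [], None, False
    for raw in text.splitlines():
        words = raw.split()
        if words[:1] == ["edit"]:
            entry, has_gw = words[1], False
        elif words[:2] == ["set", "gateway"]:
            has_gw = True
        elif words[:1] == ["next"] and entry is not None:
            if not has_gw:
                flagged.append(entry)
            entry = None
    return flagged

if __name__ == "__main__":
    for device, lines in CISCO.items():
        print(device, "->", cisco_interface_only(lines) or "ok")
    print("FortiGate entries without gateway ->", fortigate_no_gateway(FORTIGATE))
```
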
