We have a host in a VLAN that needs to be openly accessed by an outside
provider through a 2nd WAN port. We've followed Fortinet documentation
on port forwarding and 1:1 NAT but we aren't able to ping the host. The
configuration is as follows: We hav...
Thank you Graham. I'm not sure where the multiple VRFs came into play. I
have added the 2nd IP to the primary WAN and I am able to see ICMP
traffic coming inbound to the device.
Here is the routing I have configured for both WAN ports. The WAN IPs
are in the same subnet thus have the same GW.

FW2# get router info routing-table static
Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via x.x.x.185, port17, [2/0]
Routing table for VRF=1...
We created a source NAT so that inbound traffic to the x.x.x.199 IP
would be mapped to the 10.200.80.2. With source NAT disabled, the output
for the provided commands gives 'total sessions 0' while traffic is
initiated.
NAT disabled returns the same result. I created a static route to the IP
we are testing from, but when I run a packet capture it says the source
IP we are pinging from is unreachable.
Thank you for the response. I ran the provided commands and noticed the
logs returning 'msg="reverse path check fail, drop"'. I have a static
route back to the IP we are testing from but it still doesn't seem to
work.