jreynolds

New to Fortigate - odd firewall issue

Hi,

 

I'm new to the Fortigate product and have been trialing the AWS offering. Things have gone ok but I have an issue with the firewall which I can't nut out. Any help would be appreciated.

 

Background:

  • Fortigate Appliance has two interfaces: Public 10.0.5.93 & Private 10.0.217.79
  • Public Interface also has an AWS EIP associated with it
  • Two AWS routing tables have been created: Public & Private
      • Public: 0.0.0.0/0 routes to the AWS Internet Gateway (IGW)
      • Private: 0.0.0.0/0 routes to the Private interface
  • (Both Public & Private interfaces can successfully ping external/public IPs/FQDNs)
  • Test server sitting in the Private subnet. IP = 10.0.217.80
  • Firewall rules:
      • From: Internal, To: Internal, Source: All, Destination: All, Service: All ICMP, NAT: Accept
      • From: Internal, To: Internal, Source: All, Destination: All, Service: HTTP, HTTPS, NAT: Accept
      • Implicit Deny in place and last in the order of rules

Problem Description:

  • Outbound traffic (HTTP, HTTPS, ICMP etc) initiated from the Test Server is unable to reach any external/public IPs/FQDNs
  • Firewall Statistics counter for each rule showing traffic being processed by the relevant (ICMP, HTTP(S)) rule

Troubleshooting:

  • When enabling Explicit Policy and configuring a browser on the Test Server to use Fortigate's private interface as the proxy IP, HTTP(S) traffic successfully
  • Explicit Proxy Settings is enabled on the Private interface
      • Network -> Explicit Policy = default settings
      • Policy & Objects -> Explicit Proxy Policy is created with default settings - Source: All, Destination: All etc

Thanks,

Joel

     

0 REPLIES
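For comparison with the setup described in the post, the following is an added FortiOS CLI example written for this page; it is not the poster's configuration and it does not claim to resolve the issue above. It shows an outbound policy from the private interface to the public interface with source NAT, the default route such a policy relies on, and the debug-flow commands that reveal which policy a packet from 10.0.217.80 actually matches and which interface it is routed out of. The interface names port1 (public, 10.0.5.93) and port2 (private, 10.0.217.79) and the VPC router address 10.0.5.1 are assumptions; the IP addresses and services come from the post.

```fortios
# Added example, not the poster's configuration. Interface names port1/port2
# and the gateway 10.0.5.1 are assumptions; addresses are those in the post.

# Default route out the public interface, so sessions from the private
# subnet are forwarded toward the IGW (assumed gateway: the VPC router).
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 10.0.5.1
        set device "port1"
    next
end

# Outbound policy: private interface in, public interface out, source NAT to
# the public interface address (AWS maps the EIP to 10.0.5.93).
config firewall policy
    edit 1
        set name "private-to-internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS" "ALL_ICMP"
        set nat enable
        set logtraffic all
    next
end

# Trace a packet from the test server: the output names the matched policy
# ID and the egress interface, or the reason the packet was dropped.
diagnose debug flow filter addr 10.0.217.80
diagnose debug flow trace start 10
diagnose debug enable
# ... generate HTTP/ICMP traffic from 10.0.217.80, then stop tracing:
diagnose debug disable
diagnose debug reset
```

Two caveats a practitioner would check alongside this. First, when a VPC route table sends 0.0.0.0/0 to an appliance's network interface, AWS's source/destination check on that ENI must be disabled, otherwise the ENI discards packets not addressed to its own IP regardless of the firewall policy. Second, an "all" to "all" policy is convenient for a trial but too broad for production; once traffic flows, narrow srcaddr to an address object for the private subnet (10.0.217.0/24 in the post's addressing) and keep the service list to what the servers actually need.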