LarryD
New Contributor

Routing Problem

I have an old FortiGate 200D that I am sooo close to getting set up. The firewall won't ping 8.8.8.8, and I know I'm doing something stupid with the routing. It even says "can't find route to host" when I ping off of the LAN. I have screenshots, and it's a basic setup for 5 computers. I have 0.0.0.0/0.0.0.0, the default, in the static routes for the WAN, and a 192.168.0.0/24 static route with the gateway of the LAN, 192.168.23.1. I have the LAN interface set up on port1 and am able to connect with DHCP enabled and 192.168.23.1 as the gateway on that interface. But when I go to Static Route Monitor, it says the LAN and WAN are connected but with gateways of 0.0.0.0. How do I get the gateway in there so the firewall and the LAN will be able to ping 8.8.8.8? Any help will be super super appreciated! Having trouble finding posts about this little problem. I believe the firmware is at 5.something. Thx!
parteeksharma


Hi LarryD,

Please be informed that if your FortiGate is sitting at the edge of the network, your next hop will be your ISP gateway. This provides internet access for your network.

Also, the next-hop IP address, i.e. the gateway, should be reachable from the FortiGate device, and its ARP entry should be learnt on the FortiGate. You can check the ARP table entry using the command "get sys arp".

If the gateway is reachable, then the route will be active in the routing table and 8.8.8.8 should be accessible through the FortiGate.


Best Regards,
Parteek

LarryD

parteeksharma


Hi Larry,

As per the screenshots, it seems you are able to ping 8.8.8.8 from Fortigate device using wan2 link. The ping is successful from Fortigate.


Best Regards,
Parteek

LarryD

Ohhh forgot, yes the next hop is the ISP (Frontier fiber)

rosatechnocrat
Contributor II

Dear LarryD,

Please share the output of the "#get router info routing-table all" command from the CLI, and a ping output for your gateways.

execute ping 192.168.23.1

execute ping <WAN-GW-IP>

Rosa Technocrat -- Also on YouTube---Please do Subscribe
sw2090
Honored Contributor

In your screenshots one can see that the two connected routes for lan and wan2 do not have a gateway, which is actually correct. The only one that needs to have a gateway in your case is the default route, and that does have a gateway.

The other screenshot shows log output that does indeed look as if you were able to ping.

Thus, for clients in your LAN, you also have to have a policy (with sNAT enabled) to allow traffic into the internet.

Also you have to make sure that the default route on your clients in your lan has the FGT as gateway.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

syordanov

Dear LarryD,
please run the following debug:

 

diagnose debug reset
diagnose debug disable
diagnose debug flow filter proto 1
diagnose debug flow filter daddr 8.8.8.8
diag debug flow show function-name enable
diag debug flow show iprope enable
diagnose debug console timestamp enable
diagnose debug flow trace start 999
diagnose debug enable

Please generate a ping from your local PC to 8.8.8.8, collect the debug output, and then stop the debug:


diagnose debug disable
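
An added example, not part of any post in this thread and not Fortinet code: a short Python triage of saved debug flow output that separates the cases discussed above (route found, policy missing, policy present without SNAT). The sample lines are constructed to follow the usual debug flow message shapes; the addresses, line numbers and policy ids are made up, and port1/wan2 are taken from the thread.

```python
import re
from collections import defaultdict

# Constructed sample of debug flow output (not captured from the poster's unit).
# 203.0.113.0/24 is a documentation range standing in for the ISP side of wan2.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=1, 192.168.23.10:1->8.8.8.8:2048) from port1. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-203.0.113.1 via wan2"
id=20085 trace_id=1 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-203.0.113.1 via wan2"
id=20085 trace_id=2 func=fw_forward_handler line=737 msg="Allowed by Policy-1:"
id=20085 trace_id=3 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-203.0.113.1 via wan2"
id=20085 trace_id=3 func=fw_forward_handler line=737 msg="Allowed by Policy-1: SNAT"
id=20085 trace_id=3 func=__ip_session_run_tuple line=3286 msg="SNAT 192.168.23.10->203.0.113.5:62464"
'''

LINE_RE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"')

def triage(text):
    """Map each trace_id to a one-line verdict for the traced packet."""
    msgs = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.search(line)  # search() tolerates a console timestamp prefix
        if m:
            msgs[int(m.group(1))].append(m.group(2))
    verdicts = {}
    for tid, lines in sorted(msgs.items()):
        joined = "\n".join(lines)
        route = re.search(r"find a route: .*gw-(\S+) via (\S+)", joined)
        if route is None:
            verdicts[tid] = "no route lookup result in trace"
        elif "Denied by forward policy check" in joined:
            # Policy 0 is the implicit deny: routing worked, no policy matched.
            verdicts[tid] = "routed via %s, dropped: no matching policy" % route.group(2)
        elif re.search(r"^SNAT \S+->\S+", joined, re.M):
            verdicts[tid] = "routed via %s, allowed, SNAT applied" % route.group(2)
        else:
            # Allowed, but the private source address leaves untranslated.
            verdicts[tid] = "routed via %s, allowed, but no SNAT" % route.group(2)
    return verdicts

if __name__ == "__main__":
    for tid, verdict in triage(SAMPLE).items():
        print(tid, verdict)
```
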
