vlan navigation issues on a fortigate FGT81F v 7.0.13 build 0566

Acasy · ‎12-13-2023

Hello,

I'm encountering a weird problem: I have 12 separate VLANs, with basic navigation, connected to different types of devices (Unifi and MikroTik). The VLANs are propagated, and for example, on the MikroTik, I see that each VLAN is assigned a different IP from my FortiGate DHCP. However, for some reason, 5 VLANs are able to navigate, but the remaining 7 cannot. Below, I've attached snippets of the configuration. If you have any suggestion, it's welcome.

Zona Audio 01 static 0.0.0.0 0.0.0.0 10.0.201.1 255.255.255.0 up disable vlan disable

Zona Audio 02 static 0.0.0.0 0.0.0.0 10.0.202.1 255.255.255.0 up disable vlan disable

Zona Audio 03 static 0.0.0.0 0.0.0.0 10.0.203.1 255.255.255.0 up disable vlan disable

Zona Audio 04 static 0.0.0.0 0.0.0.0 10.0.204.1 255.255.255.0 up disable vlan disable

Zona Audio 05 static 0.0.0.0 0.0.0.0 10.0.205.1 255.255.255.0 up disable vlan disable

Zona Audio 06 static 0.0.0.0 0.0.0.0 10.0.206.1 255.255.255.0 up disable vlan disable

Zona Audio 07 static 0.0.0.0 0.0.0.0 10.0.207.1 255.255.255.0 up disable vlan disable

Zona Audio 08 static 0.0.0.0 0.0.0.0 10.0.208.1 255.255.255.0 up disable vlan disable

Zona Audio 10 static 0.0.0.0 0.0.0.0 10.0.210.1 255.255.255.0 up disable vlan disable

Zona Audio 11 static 0.0.0.0 0.0.0.0 10.0.211.1 255.255.255.0 up disable vlan disable

Zona Audio 12 static 0.0.0.0 0.0.0.0 10.0.212.1 255.255.255.0 up disable vlan disable

----

edit "Zona Audio 10"

set vdom "root"

set ip 10.0.210.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 33

set interface "internal"

set vlanid 210

set vdom "root"

set ip 10.0.202.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 25

set interface "internal"

set vlanid 202

set vdom "root"

set ip 10.0.203.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 26

set interface "internal"

set vlanid 203

set vdom "root"

set ip 10.0.204.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 27

set interface "internal"

set vlanid 204

set vdom "root"

set ip 10.0.206.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 29

set interface "internal"

set vlanid 206

set vdom "root"

set ip 10.0.207.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 30

set interface "internal"

set vlanid 207

set vdom "root"

set ip 10.0.208.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 31

set interface "internal"

set vlanid 208

set vdom "root"

set ip 10.0.211.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 34

set interface "internal"

set vlanid 211

set vdom "root"

set ip 10.0.212.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 35

set interface "internal"

set vlanid 212

set vdom "root"

set ip 10.0.205.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 28

set interface "internal"

set vlanid 205

set vdom "root"

set ip 10.0.201.1 255.255.255.0

set allowaccess ping

set device-identification enable

set role lan

set snmp-index 19

set interface "internal"

set vlanid 201

Acasy · ‎12-13-2023

some more config. Feel free to ask anything -----------

edit 44

set name "Navigazione Zona 01"

set uuid 5d28c1e6-946b-51ee-566a-20657ce24297

set srcintf "Zona Audio 01"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 01 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set name "Navigazione Zona 02"

set uuid 1f320b94-9034-51ee-e636-0acd6c6e1227

set srcintf "Zona Audio 02"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 02 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments " (Copy of Navigazione Zona 01)"

set name "Navigazione Zona 03"

set uuid 3a09ab7a-9034-51ee-30bc-78f67507ebd5

set srcintf "Zona Audio 03"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 03 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"

set name "Navigazione Zona 04"

set uuid 3d49470a-9034-51ee-a6a0-89905b56338a

set srcintf "Zona Audio 04"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 04 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"

set name "Navigazione Zona 05"

set uuid 88ffaec0-9447-51ee-9b71-1b023a32bd52

set srcintf "Zona Audio 05"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 05 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"

set name "Navigazione Zona 06"

set uuid 3fbacc70-9034-51ee-7721-c7e900154f25

set srcintf "Zona Audio 06"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 06 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"

set name "Navigazione Zona 07"

set uuid 4dc8ae4a-9034-51ee-f6b0-55f73ebdfa02

set srcintf "Zona Audio 07"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 07 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments " (Copy of Navigazione Zona 01) (Copy of Navigazione Zona 02)"

set name "Navigazione Zona 08"

set uuid 45052ffe-9034-51ee-23da-60f0920067fc

set srcintf "Zona Audio 08"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 08 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments ""

set name "Navigazione Zona 10"

set uuid 47322674-9034-51ee-8c43-c6cc4781200f

set srcintf "Zona Audio 10"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 10 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments ""

set name "Navigazione Zona 11"

set uuid 4ae230fc-9034-51ee-b737-e48bf0d9721a

set srcintf "Zona Audio 11"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 11 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments ""

set name "Navigazione Zona 12"

set uuid 48e03a60-9034-51ee-21f2-b1214134ae8c

set srcintf "Zona Audio 12"

set dstintf "wan2"

set action accept

set srcaddr "Zona Audio 12 address"

set dstaddr "all"

set schedule "always"

set service "ALL"

set nat enable

set comments " "

hbac · ‎12-13-2023

Hi @Acasy,

What is the issue? 1 VLAN can't reach another VLAN? Is DHCP working correctly?

If 1 VLAN can't access another VLAN, you can run debug flow to see if it's being dropped. Please refer to https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

Regards,