Issues with setting up Fortigate VM

Author
sebastan_bach
2016/12/28 04:58:40 (permalink)

Hi,
 
I have installed FortiGate VM 64-bit running on VMware. I have enabled 2 interfaces, WAN & LAN, and enabled management access on both interfaces. I have assigned static IP addresses to both interfaces. The WAN interface VM NIC mode is set to NAT and the LAN interface of the FortiGate VM NIC is set to host mode. From the FortiGate firewall I am able to ping the internet and the LAN guest VM as well. But I am not able to access the internet from the internal guest VM, though I have a policy with NAT enabled and all services allowed. Any guesses or ideas to get this working would be really helpful.
 
Regards
 
Sebastan
#1


    MikePruett
    Re: Issues with setting up Fortigate VM 2016/12/28 07:02:40 (permalink)
    Is the VM on the proper switch with the proper IP/gateway etc? I would check to see if the guest VM can even ping the inside interface of the Gate (be sure to enable ping on the appropriate interface). If you can't, chances are it's a VMware issue and not a FortiGate issue.

    Mike Pruett
    Fortinet GURU
    #2
    sebastan_bach
    Re: Issues with setting up Fortigate VM 2016/12/28 23:09:31 (permalink)
    Hi Mike,
     
    Do we need to have a dedicated management interface? I have enabled management functions on both the firewall interfaces.
     
    My inside host can ping the FortiGate LAN interface, and from the FortiGate firewall I can ping the global DNS servers 8.8.8.8 & 8.8.4.4 as well. I have a default route on the firewall as well.
     
    But the issue is that the inside host cannot ping the internet even with an allow-all firewall policy in place.
     
    What is the best way to troubleshoot? Any suggestions, please?
     
    Regards
     
    Sebastan
    #3
    neonbit
    Re: Issues with setting up Fortigate VM 2016/12/29 01:58:54 (permalink)
    Hi Sebastan, you don't need a dedicated management port, enabling management on an interface would be enough.
     
    Sounds a little weird that your internal PC can't ping through the firewall since a) firewall can ping the internet, b) PC can ping firewall LAN interface, c) allow-all policy has NAT enabled.
     
    My suspicion is that there is a problem with the policy (are you referencing the correct interfaces?).
     
    Ultimately the best way to test this out is to do a diag debug from the FortiGate CLI to confirm exactly where these packets are going.
     
    Firstly make sure you are not pinging 8.8.4.4. Connect to the FortiGate CLI then type the following commands:
     
    diag debug flow filter daddr 8.8.4.4
    diag debug flow show console enable
    diag debug enable
    diag debug flow trace start 3
     
    Once this is done, start pinging 8.8.4.4 from your internal PC. Observe the FortiGate CLI output; it should confirm two key things: 1) what route/interface the packets match and 2) what policy it hit.
     
     
    #4
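A way to read the trace output that the commands in the post above produce, as an added example that is not part of the original thread: it groups the lines by trace_id and reports, per packet, the ingress interface, the routed egress interface and whether a policy decision was logged. The sample lines are constructed, and the msg wording they are modelled on is an assumption that varies between FortiOS versions.

```python
import re

# Constructed sample in the usual "diag debug flow" line layout; the msg
# wording is an assumption and differs between FortiOS versions.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5000 msg="vd-root received a packet(proto=1, 10.0.0.2:1->8.8.4.4:2048) from port2. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5100 msg="allocate a new session-00000a1b"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2500 msg="find a route: flag=04000000 gw-192.168.1.2 via port1"
id=20085 trace_id=2 func=print_pkt_detail line=5000 msg="vd-root received a packet(proto=1, 10.0.0.2:1->8.8.4.4:2048) from port2. type=8, code=0, id=1, seq=2."
id=20085 trace_id=2 func=vf_ip_route_input_common line=2500 msg="find a route: flag=04000000 gw-192.168.1.2 via port1"
id=20085 trace_id=2 func=fw_forward_handler line=700 msg="Allowed by Policy-1: SNAT"
id=20085 trace_id=3 func=print_pkt_detail line=5000 msg="vd-root received a packet(proto=1, 10.0.0.2:1->8.8.4.4:2048) from port2. type=8, code=0, id=1, seq=3."
id=20085 trace_id=3 func=vf_ip_route_input_common line=2500 msg="find a route: flag=04000000 gw-192.168.1.2 via port1"
id=20085 trace_id=3 func=fw_forward_handler line=600 msg="Denied by forward policy check (policy 0)"
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"')
CHECKS = {
    "ingress": re.compile(r"received a packet.* from (\S+?)\."),
    "egress": re.compile(r"find a route:.* via (\S+)"),
    "allowed": re.compile(r"Allowed by Policy-(\d+)"),
    "denied": re.compile(r"Denied by .*\(policy (\d+)\)"),
}

def summarize(text):
    """Return {trace_id: {stage: value}} for every traced packet."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip prompts, blank lines and anything not a trace line
        for key, rx in CHECKS.items():
            hit = rx.search(m.group(3))
            if hit:
                traces.setdefault(int(m.group(1)), {})[key] = hit.group(1)
    return traces

def verdict(t):
    """One-line diagnosis for a single traced packet."""
    path = f"{t.get('ingress', '?')} -> {t.get('egress', '?')}"
    if "egress" not in t:
        return "no route found"
    if "allowed" in t:
        return f"allowed by policy {t['allowed']} ({path})"
    if "denied" in t:
        return f"denied by policy {t['denied']} ({path})"
    return f"routed {path} but no policy decision logged"

if __name__ == "__main__":
    for tid, t in sorted(summarize(SAMPLE).items()):
        print(tid, verdict(t))
```

A packet that ends at "routed ... but no policy decision logged" matches the symptom reported later in the thread, where the trace stops after the route lookup.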
    sebastan_bach
    Re: Issues with setting up Fortigate VM 2016/12/31 02:43:45 (permalink)
    Hi, 
     
    Thanks for your troubleshooting tips. I followed the exact same steps as yours. I can see in the debug the packet for 8.8.8.8 arriving at the right port2 LAN interface. The firewall allocates a new session ID. The firewall finds a route via the configured gateway via port1, which is the WAN port, but there is no traffic passing through.
    I can see the same log on the console thrice. One thing I can see is that there is no policy lookup happening after the route lookup.
     
    Is there something very basic I am missing out here?
     
    Regards
     
    Sebastan
     
     
    #5
    jwowens
    Re: Issues with setting up Fortigate VM 2019/04/11 09:30:33 (permalink)
    I would suggest 2 things, 1 create a policy to allow traffic passing from port 2 -> port 1
    #6
    jamesc
    Re: Issues with setting up Fortigate VM 2019/05/10 05:56:25 (permalink)
    I have the same issue.
     
    Same setup and results of diag.
    #7