Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
boozely25
New Contributor

Created on ‎09-19-2018 02:45 PM

Interfaces Not Communicating

I setup two Fortigate 60E's to connect over an elan circuit.  the interfaces are hardware switches

DR_ELAN - ELAN2\ip 192.168.50.3/24

HQ_ELAN -  ELAN2\192.168.50.1/24.

 

I connected them both and they both show up\full 1000, bit I cannot ping or traceroute or anything

Traceroute:

DR_ELAN--> execute traceroute 192.168.50.1

DR_ELAN # execute traceroute 192.168.50.1
traceroute to 192.168.50.1 (192.168.50.1), 32 hops max, 3 probe packets per hop, 72 byte packets
 1 127.0.0.1 <localhost> 2998.414 ms !H 2995.406 ms !H 2999.901 ms !H

HQ_ELAN --> execute traceroute 192.168.50.3

HQ_ELAN # execute traceroute 192.168.50.3
traceroute to 192.168.50.3 (192.168.50.3), 32 hops max, 3 probe packets per hop, 72 byte packets
 1 * * *
 2 * * *
 3 * * *

 

 

Diagnose Sniffer:

 

DR_ELAN # diagnose sniffer packet ELAN2 none 4 5 a
interfaces=[ELAN2]
filters=[none]
2018-09-19 21:21:06.740003 ELAN2 -- arp who-has 192.168.50.1 tell 192.168.50.3
2018-09-19 21:21:07.739945 ELAN2 -- arp who-has 192.168.50.1 tell 192.168.50.3
2018-09-19 21:21:08.739944 ELAN2 -- arp who-has 192.168.50.1 tell 192.168.50.3
2018-09-19 21:21:18.750037 ELAN2 -- arp who-has 192.168.50.1 tell 192.168.50.3
2018-09-19 21:21:19.749976 ELAN2 -- arp who-has 192.168.50.1 tell 192.168.50.3

 

HQ_ELAN # diagnose sniffer packet ELAN2 none 4 5 a
interfaces=[ELAN2]
filters=[none]
2018-09-19 21:19:46.236534 ELAN2 -- arp who-has 192.168.50.1 tell 192.168.50.3
2018-09-19 21:19:46.236567 ELAN2 -- arp reply 192.168.50.1 is-at 70:4c:a5:80:bd:41
2018-09-19 21:19:48.260313 ELAN2 -- 192.168.50.1.500 -> 192.168.50.3.500: udp 716
2018-09-19 21:19:53.270243 ELAN2 -- arp who-has 192.168.50.3 tell 192.168.50.1
2018-09-19 21:19:54.270242 ELAN2 -- arp who-has 192.168.50.3 tell 192.168.50.1

 

 

Can anyone help me troubleshoot this?

 

Thank you in advance

5703
0 Kudos
2 REPLIES 2
sw2090
Honored Contributor

Created on ‎09-19-2018 11:08 PM

Hm !H in the output of traceroute means "Host unreachable". So probably you have some routing issues?

Maybe a diag debug flow might provide additional info...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
1672
0 Kudos
ede_pfau
Esteemed Contributor III
In response to sw2090

Created on ‎09-20-2018 01:04 AM

How did you configure the interface ELAN2? Can you show the config part (text)?

Do you have each site on a different VLAN, or one big VLAN for all sites?

 

If your ELAN is VLAN based then this would have to be set up in the interface.

 


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
1672
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.