Kambien
New Contributor

Access between two interfaces, cannot ping subnet

Hi there,

Foremost, I am fairly new to networking as well as FortiGates. Currently doing the NSE4 courses and the protection side is much simpler than the routing (as I am even more green to routing!). Am struggling with figuring out how come I cannot access my wireless Asus router. Have tried via ping (it is enabled on the firewall policy), tracert, web page access. To give some layout of my configuration:

 

Interface lan1 is WiFi (Interface 10.1.5.1, the router is 10.1.5.2)

Interface lan is my desktop (Interface 192.168.2.99, my PC is 192.168.2.112)

 

Created an IPv4 policy allowing the LAN interface to communicate with the WiFi interface.  I can ping the WiFi interface 10.1.5.1 and I see it is working because the bytes column in the policy shows as incrementing when I ping.

 

When I go to my desktop web browser and go to my Asus router console web page @ 192.168.1.1 I cannot reach it.  But I cannot ping it either.  I can go to 10.1.5.1 and reach the FortiGate's web login, which is appropriate for the current config and trial and erroring I am doing.

 

Some testing I have tried, I know some of this now wouldn't have worked (or doesn't):

  • Created an IPv4 policy for WiFi to talk to my LAN.  This of course doesn't work.
  • Created a Policy Route for my desktop (LAN) to my WiFi (LAN1) and that didn't help anything.
  • I tried creating a new static route but I am going to be honest, I don't completely understand static routes.  I tried creating the destination IP in static routes as 192.168.1.0/24, with a gateway of 10.1.5.1 (interface my wifi is plugged into) and then it auto senses the interface as LAN1 (Wifi) and says that this isn't allowed because the gateway IP and interface now match.  So I thought I was close.  Even tried gateway as 10.1.5.2 with destination IP of 192.168.1.1 as .2 is the IP of the Asus.  Interface LAN1 for Wifi.  Try again in the web page, still can't reach it.
  • I then went to Monitor -> Routing Monitor -> Clicked Route Lookup and entered 192.168.1.1 and the static interface to my INTERNET connection (wan) lights up / blinks.

So I think I am on the right track with this being a routing issue; however, I am not sure.

Can any of you offer any advice on what I should be doing to configure my FortiGate to allow me to access 192.168.1.1 off of my lan1 wifi interface which is an interface IP of 10.1.5.1 and Asus router device IP of 10.1.5.2?

If you have any questions please let me know, happy to help!

Thank you.

1 REPLY
    Kambien
    New Contributor

    Please disregard.  I was making things overly complex.  I went back to basics and drew out what I was attempting to try.  Was able to discover I missed a key piece - how are my Asus Router and FG30E physically connected.  It was Port1 FG Interface --> WAN Interface on the Asus.  The Asus Firewall was, of course, blocking me due to my physical connection to the WAN port and the functions that are attributed with the Asus OS protecting everything on the other side of the WAN port.

     

    However!  This was an amazing learning lesson!

     

    Regards.
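
The route lookup described in the thread, as an added example that is not part of the original posts: a simplified longest-prefix-match model (not FortiOS code) showing why 192.168.1.1 resolved to the wan interface, why a gateway equal to the interface's own address is rejected, and what the 10.1.5.2 gateway changes. The /24 masks, the wan gateway address and all function names are assumptions. Routing only delivers the packet to the Asus; as the reply found, the Asus firewall still drops traffic arriving on its WAN port.

```python
import ipaddress

# Constructed routing table modelled on the post: connected subnets for lan
# and lan1 plus a default route out of wan. The /24 masks and the wan gateway
# (a documentation address) are assumptions; the post does not state them.
ROUTES = [
    {"dst": "192.168.2.0/24", "dev": "lan", "gw": None},
    {"dst": "10.1.5.0/24", "dev": "lan1", "gw": None},
    {"dst": "0.0.0.0/0", "dev": "wan", "gw": "203.0.113.1"},
]
INTERFACE_IPS = {"lan": "192.168.2.99", "lan1": "10.1.5.1"}


def lookup(routes, dest):
    """Return the most specific route containing dest (longest prefix match)."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["dst"])]
    return max(matches,
               key=lambda r: ipaddress.ip_network(r["dst"]).prefixlen,
               default=None)


def check_static(routes, dst, gw, dev):
    """Validate a proposed static route; return (ok, reason)."""
    ipaddress.ip_network(dst)  # raises ValueError on a malformed destination
    if gw == INTERFACE_IPS.get(dev):
        return False, "gateway is the firewall's own address on " + dev
    connected = [r for r in routes if r["gw"] is None]
    via = lookup(connected, gw)
    if via is None or via["dev"] != dev:
        return False, "gateway is not on a subnet directly connected to " + dev
    return True, "ok"


def add_static(routes, dst, gw, dev):
    """Return a new table with the static route added, or raise if invalid."""
    ok, reason = check_static(routes, dst, gw, dev)
    if not ok:
        raise ValueError(reason)
    return routes + [{"dst": dst, "dev": dev, "gw": gw}]


if __name__ == "__main__":
    print(lookup(ROUTES, "192.168.1.1"))  # falls through to the default route
    print(check_static(ROUTES, "192.168.1.0/24", "10.1.5.1", "lan1"))
    fixed = add_static(ROUTES, "192.168.1.0/24", "10.1.5.2", "lan1")
    print(lookup(fixed, "192.168.1.1"))  # now the /24 via the Asus on lan1
```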
