Fortigate 5.4.9 Routing Issue

June
2018/12/01 05:55:31

Dear ALL,
 
I have a question about the Routing Issue.
Routing issues were detected yesterday afternoon in a firewall running on version 5.4.9 of the FortiOS.
Due to current routing issues, there were no service issues, but management access was not possible with each firewall.
 
[firewall Settings]
- FortiGate3100D(5.4 Patch9) - HA : Standalone mode, Vdom : enable
mgmt ip : 192.168.1.6
- FortiGate101E(5.4 Patch9) - HA : Standalone mode, Vdom : enable
mgmt ip : 192.168.1.250
 
[Issue information]
- management access was not possible with each firewall.
- As a result of packet capture at the firewall, the SYN packet which tried GUI Access from the administrator's PC (192.168.120.15) was confirmed.
However, the firewall does not export SYN + ACK packets.
- We tested ICMP / SSH / HTTPS etc, but the result was the same.
- The target of the "exec traceroute" command of the firewall has been specified as the administrator PC.
However, the output value was identified as loopback ip with "127.0.0.1".
e.g) exec traceroute
exec traceroute 192.168.120.15
traceroute to 192.168.120.15 (192.168.120.15), 32 hops max, 3 probe packets per hop, 84 byte packets
1 127.0.0.1 <localhost> 2991.668 ms !H 3000.442 ms !H^C *

- The applied routing table is as follows.
e.g) config router static
edit 2
set dst 192.168.120.0 255.255.255.0
set gateway 192.168.1.253
set device mgmt1
next
- And as a result of adding host routing to the routing table, it became normal to communicate.
e.g) config router static
edit 3
set dst 192.168.120.15 255.255.255.255
set gateway 192.168.1.253
set device mgmt1
next
- Also, after deleting the above "edit 3" routing, access was still possible.

- At the time of the problem, "rtcache" had the IP "192.168.1.254" instead of the Default GW IP.
 
### diagnose ip rtcache list
family=02 tab=254 vf=0 type=01 tos=0 flag=00040200
0.0.0.0@0->192.168.120.15@4(mgmt1) gwy=192.168.1.254 prefsrc=192.168.1.6
ci: ref=0 lastused=274 expire=0 err=00000000 used=2 br=0 pmtu=1500
 
### get router info routing-table database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info

C *> 192.168.1.0/24 is directly connected, mgmt1
S *> 192.168.120.0/24 [10/0] via 192.168.1.253, mgmt1

### get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

C 192.168.1.0/24 is directly connected, mgmt1
S 192.168.120.0/24 [10/0] via 192.168.1.253, mgmt1

Is the current symptom a bug?
post edited by June - 2018/12/01 06:12:46
#1
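
The mismatch described in the post above (route cache gateway 192.168.1.254 versus the static route's 192.168.1.253) can be checked mechanically. The following is an added example, not part of the original thread: it parses the two outputs quoted in the post and reports cache entries whose gateway or device differs from the longest-prefix-match route. The function names are hypothetical and the parsing assumes only the line formats shown above.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the outputs quoted in the post.
RTCACHE = """\
family=02 tab=254 vf=0 type=01 tos=0 flag=00040200
0.0.0.0@0->192.168.120.15@4(mgmt1) gwy=192.168.1.254 prefsrc=192.168.1.6
ci: ref=0 lastused=274 expire=0 err=00000000 used=2 br=0 pmtu=1500
"""
ROUTES = """\
C 192.168.1.0/24 is directly connected, mgmt1
S 192.168.120.0/24 [10/0] via 192.168.1.253, mgmt1
"""

# Matches both "routing-table all" and "routing-table database" ("*>") lines.
ROUTE_RE = re.compile(
    r"^\S+\s+(?:\*>\s+)?(\S+/\d+)\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(\S+)|is directly connected),\s+(\S+)$")
CACHE_RE = re.compile(r"->(\d+\.\d+\.\d+\.\d+)@\d+\((\S+?)\)\s+gwy=(\S+)")

def parse_routes(text):
    """Return [(network, gateway or None, device)] for each route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((ipaddress.ip_network(m.group(1)), m.group(2), m.group(3)))
    return routes

def cache_mismatches(rtcache_text, routes_text):
    """List cache entries that disagree with the best matching static route."""
    routes = parse_routes(routes_text)
    findings = []
    for dst, dev, cached_gw in CACHE_RE.findall(rtcache_text):
        ip = ipaddress.ip_address(dst)
        hits = [r for r in routes if ip in r[0]]
        best = max(hits, key=lambda r: r[0].prefixlen, default=None)
        # Assumption: only routes with an explicit gateway are compared;
        # connected routes are skipped because the post shows no cache
        # entry for a directly connected destination.
        if best is None or best[1] is None:
            continue
        if cached_gw != best[1] or dev != best[2]:
            findings.append({"dst": dst, "net": str(best[0]),
                             "cached_gw": cached_gw, "route_gw": best[1]})
    return findings

if __name__ == "__main__":
    for f in cache_mismatches(RTCACHE, ROUTES):
        print("cache/route mismatch:", f)
```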


    June
    Re: Fortigate 5.4.9 Routing Issue 2018/12/02 16:31:25
    Can anyone answer the current issue?
    I want to know the solution to the current issue....
    #2
    sw2090
    Re: Fortigate 5.4.9 Routing Issue 2018/12/04 23:43:18
    Could you explain your network infrastructure please?
    It is quite hard to understand your problem without knowing it.
    #3