Hot!Fortigate 50E NAT devices can reach the web, 50E itself cannot, help !!!

New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/09/03 02:51:39
  • Status: offline
2019/09/06 08:22:07 (permalink) 6.2

Fortigate 50E NAT devices can reach the web, 50E itself cannot, help !!!

Hi there,
We currently have a new set up,  which has a 50e used as the DMZ FW which connects directly to the WWW router on a none routed /30 subnet (transit)  and 100E connects directly to the 50e via a transit link.  devices behind the 100e and 50e can get to the web via a NAT overload and there is specific 1 to 1 NATs as well. 
100E doesn't do NAT, all NAT is on the 50E.  100E can ping the web and reach Fortinet via the dashboard for updates etc using a route that points to the 50e, 50e then just pushes everything from that subnet to a public address via NAT overload.  My issue is the 50e cannot ping and does not receive updates from Fortinet on the dashboard.
Any advice, I added a loopback with its own public address this didn't work.  I added the Loopback to the NAT overload group that the 100e uses that didn't work either.  I even created a 1 to 1 nat from the /30 IP that connects to the router (none advertised) to a new public address this wouldn't allow the 50e to ping out either via the specific source.
I have asked networks to check what is allowed in, I did a packet sniffer and it showed packets going out but not returning for the 50e, they do for the 100e, the router does have a acl inbound which denies any IP to the 50e /30 specific IP but the 100e is able to get out using the NAT.
Any ideas appreciated.
Many thanks

0 Replies Related Threads

    Jump to:
    © 2020 APG vNext Commercial Version 5.5