Currently we have a setup where an L3 switch has VLANs with multiple subnets: subnet 1: 10.x.x.x, subnet 2: 172.20.x.x. Currently all systems from 172.20.x.x can ping 10.x.x.x, but only the 10.x.x.230 IP is not able to be pinged or accessed; from the same subnet 10.x.x.x it's pinging and accessible. No access list is there, and IP routing is enabled. Now the setup is that the L3 (192.168.10.2) is connected to firewall port 7 (192.168.10.1), and there is an IP default route for all L3 traffic targeted to the firewall. Now my question is: if I want to pass traffic from the firewall from 172.20.x.5 (a particular IP) to 10.x.x.230, and both share the same interface, will it be possible? If not, does anyone have information on why I am not able to ping 10.x.x.230 from 172.20.x.x (it's a Cisco switch)? Note: nothing is blocked on the system, as we are able to access it from an IPsec tunnel from a different location. Add-on info: I did tracert 10.x.x.230; it's hitting 172.20.x.253, then the packet is dropped, which is the 172.20.x.x VLAN gateway. For other IPs like 10.x.x.245 tracert is successful from the 172.20.x.x series. Thanks in advance
FGT100E, FGT100D, FGT300C, FGT300E
FortiOS 5.2, 5.4, 5.6, 6.0, 6.0.2 and 6.2
First, what are the subnet masks, /8 and /16? How about port7, /24?
Then, do all GWs of the subnets exist on the FGT? If so, 10.x.x.230 should be reachable from all other subnets as long as proper policies exist.
> First, what are the subnet masks /8 and /16? How about port7? /24?
Both have a /24 subnet mask.
> Then do all GWs of the subnets exist on the FGT?
GWs are in the L3 switch VLANs.
So you mean L3 as an L3 switch that has two VLANs and the GW IPs for all other devices in those VLANs, and the FGT is just connecting them to the internet. And you have 172.20.x.5/24 on the FGT, right? Then the FGT doesn't need any other IP, and it can get back to all devices, not only in 172.20.x.x/24 but also 10.x.x.x/24, as long as you have a static route on the FGT 10.x.x.x/24 -> 172.20.x.1 (on the L3 switch/GW), because all routing/switching is done by the L3 switch.
None of these are connected to the FortiGate directly. The L3 has a default route, ip route 0.0.0.0 0.0.0.0 192.168.20.2 (which is on the L3 switch), and 192.168.20.1 is on the port connected to the firewall. So in this case, can I route traffic back to the same port from which the request is coming, i.e. port 7 on the L3 switch and port 3 on the FGT? Now what I am trying to do is: the traffic of 10.x.x.x coming from the L3 to port 3 on the firewall will go back out port 3 to access 172.20.x.x.
Just think of your FGT as a router. You don't need two physical connections to route from the L3 switch through the FGT to get to the internet. Your original post said port7 on the FGT has 192.168.20.1/?? and is connected to the switch. Use that connection to route all other VLANs/subnets to get to/get back from the internet.
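To make the "think of the FGT as a router" point concrete, here is an added worked example (not from this thread or from Fortinet) that simulates longest-prefix-match forwarding across the two devices described above. The topology is constructed: the x octets are filled with 0, so 10.0.0.0/24 and 172.20.0.0/24 stand in for the thread's VLANs, 192.168.20.1/.2 are the FGT port7 and L3 switch uplink addresses from the later post, and 203.0.113.1 is an invented ISP next hop. It shows that a packet the FGT must send back toward 10.0.0.230 follows the FGT's default route out to the ISP (and is lost) unless the FGT has a static route for that subnet pointing at the L3 switch; the single-host symptom (only .230 failing) is outside what this routing model can reproduce.

```python
import copy
import ipaddress

# Constructed topology standing in for the thread's setup (x octets filled with 0):
#   L3 switch: VLAN gateways 10.0.0.1/24 and 172.20.0.253/24, uplink 192.168.20.2
#   FortiGate: port7 192.168.20.1, default route toward an invented ISP next hop
ROUTERS = {
    "l3sw": [
        ("10.0.0.0/24",     ("connected", "vlan10")),
        ("172.20.0.0/24",   ("connected", "vlan20")),
        ("192.168.20.0/30", ("connected", "uplink")),
        ("0.0.0.0/0",       ("via", "192.168.20.1")),   # default route to FGT port7
    ],
    "fgt": [
        ("192.168.20.0/30", ("connected", "port7")),
        ("0.0.0.0/0",       ("via", "203.0.113.1")),    # ISP next hop (constructed)
    ],
}

# Which modelled device owns each next-hop address; unknown next hops leave the model.
NEXT_HOP_OWNER = {"192.168.20.1": "fgt", "192.168.20.2": "l3sw"}


def lookup(table, dst):
    """Longest-prefix match over a list of (prefix, action); None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, action in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    return best[1] if best else None


def trace(routers, start, dst, max_hops=8):
    """Follow the forwarding decision device by device; returns the list of hops."""
    hops, here = [], start
    for _ in range(max_hops):
        action = lookup(routers[here], dst)
        if action is None:
            hops.append((here, "no route: dropped"))
            return hops
        kind, target = action
        if kind == "connected":
            hops.append((here, f"delivered on {target}"))
            return hops
        owner = NEXT_HOP_OWNER.get(target)
        if owner is None:
            hops.append((here, f"handed to {target} (leaves the modelled network)"))
            return hops
        hops.append((here, f"forward to {target}"))
        here = owner
    hops.append((here, "hop limit exceeded: dropped"))
    return hops


def with_static_routes(routers):
    """Copy of the tables plus static routes on the FGT for both VLAN subnets via the L3 switch."""
    fixed = copy.deepcopy(routers)
    fixed["fgt"].insert(0, ("10.0.0.0/24", ("via", "192.168.20.2")))
    fixed["fgt"].insert(0, ("172.20.0.0/24", ("via", "192.168.20.2")))
    return fixed


if __name__ == "__main__":
    # Without the static route the FGT sends the private reply to the ISP, where it is lost.
    print(trace(ROUTERS, "fgt", "10.0.0.230"))
    # With the static route the FGT hands it back to the L3 switch, which delivers on vlan10.
    print(trace(with_static_routes(ROUTERS), "fgt", "10.0.0.230"))
```

The equivalent FortiOS change is a static route for each VLAN subnet with the L3 switch uplink address as the gateway on port7, plus firewall policies that permit the traffic; the simulation only covers the routing half of that.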
OK, I will give it a try and will let you know the result.