Hot!Ask - WAN setting with IP Static from ISP

Author
papapuff
Gold Member
  • Total Posts : 134
  • Scores: 0
  • Reward points: 0
  • Joined: 2012/05/24 20:31:44
  • Status: offline
2020/09/17 07:26:05 (permalink)
0

Ask - WAN setting with IP Static from ISP

hi There,
this might be ridiculous question, but I want to make sure I didn't miss something while setup.
we use Fortigate 30E, and
we have ISP that provide IP Public static. information they given:
IP 1.1.1.1 / 29
subnet 255.255.255.248 / 29
gateway 1.1.1.2
dns 8.8.8.8 ; 8.0.8.0
 
then we made config on fortigate:
- interface WAN
IP : 1.1.1.1
subnet : 255.255.255.248
ping, https, fmg-access: checked
 
- static route
destination: 0.0.0.0
gateway: 1.1.1.2
other setting: <default>
 
- DNS
8.8.8.8, 8.0.8.0
 
now connect all cable.
LED WAN, all on.
 
but when I ping to IP 1.1.1.1 from outside network, it said:
ttl expire in transit
 
but I can ping to 1.1.1.2 and give reply.
 
am I missed something?
 
need help. thanks
#1

4 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 2275
    • Scores: 219
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: Ask - WAN setting with IP Static from ISP 2020/09/17 08:40:40 (permalink)
    0
    Nothing ridiculous but a basic routing troubleshooting.
    Just traceroute from ouside toward 1.1.1.1 to see if you can get to at least the GW. My guess it your ISP's routing problem.
    Always check the routing table in GUI or CLI (get router info routing-table all) to make sure the static default route is pointing to the GW.
     
    By the way, if it's older than 6.0, check if trusthosts are configured, then ping wouldn't get reply if the source is not in the list of trusthosts. I think they changed this behavior after 6.0.
    #2
    papapuff
    Gold Member
    • Total Posts : 134
    • Scores: 0
    • Reward points: 0
    • Joined: 2012/05/24 20:31:44
    • Status: offline
    Re: Ask - WAN setting with IP Static from ISP 2020/09/17 23:48:32 (permalink)
    0
    helllo.
    thanks for response.
    try tracert from outside network, time out until no end.
     
    I see installed device, the connection strange to me.
     
    FO (from tower base) -> Mikrotik -> RJ45
     
    ths rj45 go to Fortigate
    #3
    ShawnZA
    Silver Member
    • Total Posts : 95
    • Scores: 11
    • Reward points: 0
    • Joined: 2018/04/02 23:31:22
    • Location: Cape Town
    • Status: offline
    Re: Ask - WAN setting with IP Static from ISP 2020/09/18 00:01:21 (permalink)
    0
    If your admin account is not locked down to trusted hosts then the mikrotik must be blocking incoming traffic perhaps?
    #4
    papapuff
    Gold Member
    • Total Posts : 134
    • Scores: 0
    • Reward points: 0
    • Joined: 2012/05/24 20:31:44
    • Status: offline
    Re: Ask - WAN setting with IP Static from ISP 2020/09/20 22:33:29 (permalink)
    0
    toshiesumi
    Nothing ridiculous but a basic routing troubleshooting.
    Just traceroute from ouside toward 1.1.1.1 to see if you can get to at least the GW. My guess it your ISP's routing problem.
    Always check the routing table in GUI or CLI (get router info routing-table all) to make sure the static default route is pointing to the GW.
     
    By the way, if it's older than 6.0, check if trusthosts are configured, then ping wouldn't get reply if the source is not in the list of trusthosts. I think they changed this behavior after 6.0.


    hello,
    sorry missed to answer.
    yes, static default route pointing to gateway 1.1.1.2 for interface WAN
    #5
    Jump to:
    © 2020 APG vNext Commercial Version 5.5