Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
801
Views
0
Helpful
3
Replies

Connectivity issue between my core switch & FG UTM

Go to solution
Wesso
Level 1
Level 1

‎10-26-2020 07:21 AM

Hi guys,

 

I'm new member here, actually I'm new in Cisco world. I am seeking for some help & support.

 

I can't ping my FortiGate UTM which is connected directly to Catalyst 9300 layer 3 core switch

IP add for FG: 10.10.50.1/30

port IP add in switch: 10.10.50.2/30

both are directly connected 

I can ping switch port no problem, when it comes to FG port it fails!!!!

 

Anyone has an idea why this happened!??

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎10-26-2020 04:16 PM

Hi there,

To make you test work, using the PC subnet as an example you need to add the following route to the UTM (I have no idea of the correct FG syntax):

ip route 10.10.0.0 255.255.255.0 10.10.50.2

If the above route doesn't work then there is also the possibility that the UTM is dropping packets from subnets it is not connected to, check its logs. Also you may need to look into is IP spoofing settings, in this topology it is not expecting to receive packets with a source IP 10.10.0.0/24 on its inside interface (it only knows about the directly connected 10.10.50.0/24 subnet). You may need to specify all of the subnets which are reachable.

 

cheers,

Seb.

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎10-26-2020 07:27 AM - edited ‎10-26-2020 07:28 AM

Hi there,

I would guess that the UTM is configured to not responded to ICMP. 

Do you know what management protocols are enabled on the UTM interface? 

 

If the UTM is a new install and you are pinging the UTM from a device on another subnet (ie not from the switch itself), does the UTM have  a route to that subnet via 10.10.50.2  ?

 

cheers,

Seb.

0 Helpful

Go to solution
Wesso
Level 1
Level 1
In response to Seb Rupik

‎10-26-2020 02:14 PM

Hi Seb,

 

thank you for your participation,

reference to the first point, I enabled "ping" on the interface which means  it should ping and give me reply

second, I could ping the UTM from the switch itself

* pinging from Catalyst 9300 to FG UTM -----> successful

* pinging from PC to Catalyst switch 10.10.50.2/30 -----> successful

* pinging from PC to FG UTM 10.10.50.1/30 -----> fail

 

note: PC in VLAN 10 with IP address 10.10.0.11/24 & routing between VLANs & subnets occur via Catalyst 9300 & Cisco 2911 router

the UTM still new and I'm doing the configuration on the FG UTM

 

regards'

0 Helpful

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎10-26-2020 04:16 PM

Hi there,

To make you test work, using the PC subnet as an example you need to add the following route to the UTM (I have no idea of the correct FG syntax):

ip route 10.10.0.0 255.255.255.0 10.10.50.2

If the above route doesn't work then there is also the possibility that the UTM is dropping packets from subnets it is not connected to, check its logs. Also you may need to look into is IP spoofing settings, in this topology it is not expecting to receive packets with a source IP 10.10.0.0/24 on its inside interface (it only knows about the directly connected 10.10.50.0/24 subnet). You may need to specify all of the subnets which are reachable.

 

cheers,

Seb.

 

0 Helpful
Customers Also Viewed These Support Documents