Cisco Community
English
Register
Great changes are coming to Cisco Community in July. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
426
Views
0
Helpful
5
Replies
Rajan R
Beginner
Beginner
‎02-28-2020 09:34 AM
‎02-28-2020 09:34 AM

Internet works from switch, No internet on system.

Hello, 

 

So we are trying to switch to new firewall hardware. Latest software. Same configs. No changes on our core. New firewall with test bed core switch works fine. So we try to go Live. Swapped cables, cleared arp. If I ping to internet from our core thru source vlans it works, but not from systems on the same vlan.

Any clues? Is this something to do with the firewall or the switch? 

Thanks

Labels:
0 Helpful
5 REPLIES 5
marce1000
VIP Mentor VIP Mentor
VIP Mentor
‎02-28-2020 10:18 AM
‎02-28-2020 10:18 AM

 

 - Check the firewall logs for starters, especially blocked or dropped traffic, but also rule-matching for supposedly pass-thru traffic should be sanity-verified. If a rule should match and allow, then check logs and verify

 M.

0 Helpful
Rajan R
Beginner
Beginner
In response to marce1000
‎02-28-2020 11:16 AM
‎02-28-2020 11:16 AM

Thanks for your response.

 

There is nothing on the firewall logs. The same fw config works when i connect it a switch with same config as the core switch. Everything works fine there.

0 Helpful
Georg Pauwen
VIP Master VIP Master
VIP Master
‎02-28-2020 11:26 AM
‎02-28-2020 11:26 AM

Hello,

 

which firewall do you have, an ASA ? Post the running configuration...

0 Helpful
Rajan R
Beginner
Beginner
In response to Georg Pauwen
‎02-28-2020 11:39 AM
‎02-28-2020 11:39 AM

It is a Fortigate. From every vlan interface on the switch the internet is reachable. "ping 8.8.8.8 source vlan xx" From the systems, nothing.

 

Thanks

Put the ASA to rest :(

0 Helpful
Georg Pauwen
VIP Master VIP Master
VIP Master
In response to Rajan R
‎02-28-2020 11:52 AM
‎02-28-2020 11:52 AM

What can you ping from the Fortigate, the Vlan interfaces (I assume) and not the clients ? Post the running config of the switch, as well as the config of the Fortigate...

0 Helpful
Latest Contents
AppDynamics
Created by mclymer on 06-30-2022 09:46 AM
0
0
0
0
Cisco Champion Radio: S9|E25 SD-WAN and Ubiquitous Cloud Sec...
Created by Amilee San Juan on 06-29-2022 02:35 PM
0
5
0
5
Listen: https://smarturl.it/CCRS9E25 Follow us: twitter.com/ciscochampions With applications and users everywhere, the networks are now, more than ever, being tasked with delivering consistent protection while providing an exceptional user exper... view more
Cisco Champion Radio: S9|E24 Cisco Radio Aware Routing
Created by Amilee San Juan on 06-28-2022 01:30 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E24 Follow us: https://twitter.com/CiscoChampion  Cisco Radio Aware Routing addresses several of the challenges faced when merging IP routing and radio communications in mobile networks, especially those exhibiti... view more
Cisco Champion Radio: S9|E23 The Cisco Catalyst 9136 Wi-Fi 6...
Created by Amilee San Juan on 06-28-2022 01:21 PM
0
0
0
0
Listen: https://smarturl.it/CCRS9E23 Follow us: https://twitter.com/CiscoChampion The Wi-Fi 6E Catalyst 9136 access point takes advantage of the 6-GHz band to produce a network that is more reliable and secure, with higher throughput, more ... view more
DR and the Type-2 LSA in OSPFv3 versus OSPFv2
Created by Meddane on 06-24-2022 04:35 PM
0
0
0
0
When moving from OSPFv2 to OSPFv3, there are many changes in the format of the LSAs Type, but the most known changes are: IP prefix informations are no longer carried in Type-1 LSA and Type-2 LSA, new LSAs Type 8 and 9 are added to carry these prefixes. L... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad