So we are trying to switch to new firewall hardware. Latest software. Same configs. No changes on our core. New firewall with test bed core switch works fine. So we try to go Live. Swapped cables, cleared arp. If I ping to internet from our core thru source vlans it works, but not from systems on the same vlan.
Any clues? Is this something to do with the firewall or the switch?
- Check the firewall logs for starters, especially blocked or dropped traffic, but also rule-matching for supposedly pass-thru traffic should be sanity-verified. If a rule should match and allow, then check logs and verify
Thanks for your response.
There is nothing on the firewall logs. The same fw config works when i connect it a switch with same config as the core switch. Everything works fine there.
It is a Fortigate. From every vlan interface on the switch the internet is reachable. "ping 18.104.22.168 source vlan xx" From the systems, nothing.
Put the ASA to rest :(
What can you ping from the Fortigate, the Vlan interfaces (I assume) and not the clients ? Post the running config of the switch, as well as the config of the Fortigate...