Never used a Forti product before (been a Cisco, Juniper guy). Bought a used 400A, reset it to factory defaults, then set it up as follows:
wan - port 3 (70.xxx.xxx.xxx)
lan1 - port 5 (10.0.0.x)
lan2 - port 6 (10.10.10.x)
Then set up my static route (default gateway): 0.0.0.0 - 70.xxx.xxx.xxx
Didn't have outbound internet on either port 5 or 6 until I added two policy routes:
in: port 5 / 6
out: port 3
src: 0.0.0.0 --- dest: 0.0.0.0
Added some port forwarding rules (PPTP, RDP) and set up an IPsec L2TP tunnel to the router; all works fine.
The problem is I'm now trying to route internal network 10.10.10.x (port 6) to 10.0.0.x (port 5) and it is
not communicating. I can ping the port 5 interface (10.0.0.1) if I use a policy route.
When I debug flow trace the 10.0.0.10 address and ping from the 10.10.10.5 PC I get:
id=36871 trace_id=554 msg="vd-root received a packet(proto=1, 10.10.10.5:1->10.0.0.10:8) from port6."
id=36871 trace_id=554 msg="allocate a new session-00010c12"
id=36871 trace_id=554 msg="Match policy routing: to 10.0.0.1 via ifindex-7"
id=36871 trace_id=554 msg="find a route: gw-10.0.0.1 via root"
id=36871 trace_id=554 msg="iprope_in_check() check failed, drop"
Based on online debug examples, I think the problem is
id=36871 trace_id=554 msg="find a route: gw-10.0.0.1 via root"
which should state
id=36871 trace_id=554 msg="find a route: gw-10.0.0.1 via port5"
Any thoughts? Thanks!
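As an added example (not part of the original post, and not a Fortinet tool), here is a small Python parser for debug flow output in the format quoted above. It groups the lines by trace_id and pulls out the inbound interface, any matched policy route, the routing-table lookup and the final verdict, then flags sessions where a policy route matched and the packet was then dropped, which is the sequence in the trace above. The first session in the sample is the five lines from the post; the second is constructed so that an accepted session is present too (the "Allowed by Policy-N" wording is the FortiOS verdict line, the addresses in it are invented).

```python
import re
from collections import OrderedDict

# Constructed sample. trace_id 554 is the five lines from the post above;
# trace_id 555 is a made-up, accepted session so that both outcomes appear.
# "Allowed by Policy-N: SNAT" is the FortiOS debug flow verdict wording; the
# addresses and session id in 555 are invented.
SAMPLE_TRACE = """\
id=36871 trace_id=554 msg="vd-root received a packet(proto=1, 10.10.10.5:1->10.0.0.10:8) from port6."
id=36871 trace_id=554 msg="allocate a new session-00010c12"
id=36871 trace_id=554 msg="Match policy routing: to 10.0.0.1 via ifindex-7"
id=36871 trace_id=554 msg="find a route: gw-10.0.0.1 via root"
id=36871 trace_id=554 msg="iprope_in_check() check failed, drop"
id=36871 trace_id=555 msg="vd-root received a packet(proto=6, 10.0.0.10:51234->70.1.2.3:443) from port5."
id=36871 trace_id=555 msg="allocate a new session-00010c13"
id=36871 trace_id=555 msg="find a route: gw-70.0.0.1 via port3"
id=36871 trace_id=555 msg="Allowed by Policy-1: SNAT"
"""

LINE_RE = re.compile(r'trace_id=(?P<tid>\d+)\s+msg="(?P<msg>.*)"\s*$')
PACKET_RE = re.compile(
    r'received a packet\(proto=(?P<proto>\d+), '
    r'(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\) from (?P<iface>\S+)\.$'
)
PBR_RE = re.compile(r'Match policy routing: to (?P<gw>[\d.]+) via ifindex-(?P<ifindex>\d+)')
ROUTE_RE = re.compile(r'find a route: gw-(?P<gw>[\d.]+) via (?P<via>\S+)')
ALLOW_RE = re.compile(r'Allowed by Policy-(?P<pid>\d+)')
DROP_RE = re.compile(r'^(?P<reason>.+), drop$')


def new_session():
    return {
        'proto': None, 'src': None, 'dst': None, 'in_iface': None,
        'policy_route': None,   # (gateway, ifindex) if a policy route matched
        'route': None,          # (gateway, via) from the routing-table lookup
        'verdict': 'unknown',   # 'accept', 'drop' or 'unknown'
        'reason': None,         # drop reason text, if dropped
        'policy_id': None,      # firewall policy id, if accepted
    }


def parse_trace(text):
    """Group debug flow lines by trace_id and pull out the decision points."""
    sessions = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # not a debug flow line (CLI prompt, blank line, etc.)
        tid, msg = m.group('tid'), m.group('msg')
        s = sessions.setdefault(tid, new_session())
        pm = PACKET_RE.search(msg)
        if pm:
            s['proto'] = int(pm.group('proto'))
            s['src'], s['dst'] = pm.group('src'), pm.group('dst')
            s['in_iface'] = pm.group('iface')
            continue
        pm = PBR_RE.search(msg)
        if pm:
            s['policy_route'] = (pm.group('gw'), int(pm.group('ifindex')))
            continue
        pm = ROUTE_RE.search(msg)
        if pm:
            s['route'] = (pm.group('gw'), pm.group('via'))
            continue
        pm = ALLOW_RE.search(msg)
        if pm:
            s['verdict'], s['policy_id'] = 'accept', int(pm.group('pid'))
            continue
        pm = DROP_RE.match(msg)
        if pm:
            s['verdict'], s['reason'] = 'drop', pm.group('reason')
    return sessions


def policy_route_drops(sessions):
    """trace_ids where a policy route matched and the packet was then dropped,
    the sequence seen in the trace quoted in the post."""
    return [tid for tid, s in sessions.items()
            if s['policy_route'] is not None and s['verdict'] == 'drop']


def summarize(sessions):
    """One human-readable line per session."""
    out = []
    for tid, s in sessions.items():
        pbr = 'pbr to %s/ifindex-%d' % s['policy_route'] if s['policy_route'] else 'no pbr'
        rt = 'gw %s via %s' % s['route'] if s['route'] else 'no route'
        end = s['reason'] if s['verdict'] == 'drop' else 'policy %s' % s['policy_id']
        out.append('%s: proto %s %s->%s in %s | %s | %s | %s: %s' % (
            tid, s['proto'], s['src'], s['dst'], s['in_iface'], pbr, rt, s['verdict'], end))
    return out


if __name__ == '__main__':
    parsed = parse_trace(SAMPLE_TRACE)
    print('\n'.join(summarize(parsed)))
    print('policy-route-then-drop:', policy_route_drops(parsed))
```

To use it on a real capture, paste the console output of `diagnose debug flow` into a file and pass its contents to parse_trace; lines without a trace_id (prompts, the commands you typed) are skipped, and the summary puts the matched policy route, the route lookup and the verdict for each trace_id side by side so the sequence that ends in a drop is easy to spot.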