mhauck
Contributor

Fortinet VM and VLAN Routing

Hello.

First off, I am not a network/Fortinet guy, so forgive my lack of knowledge in this area.

Also, I did find this posting, but I must be missing something:

Virtual Fortinet with VLAN Tagging

I am using a Fortinet VM on an ESXi host.

FortiOS VM64 - 5.4.2.

The Fortinet has three vNICs connected:

1) mgmt

2) port1 - 0.0.0.0/255.255.255.0 - Connected to port group configured with VLAN "All"

Interfaces for this port:

- int vlan 10 - 192.168.10.1

- int vlan 20 - 192.168.20.1

- int vlan 30 - 192.168.30.1

3) port2

vSwitch has four port groups:

Compute - VLAN "All"

vlan10 - VLAN 10

vlan20 - VLAN 20

vlan30 - VLAN 30

[screenshot: pastedImage_4.png]

As you can see the FW is connected to the "Compute" port group.

The .1 address on the FW is the gateway for each "vlan" port group VM.

VMs connected to the "vlan" port groups can ping ALL .1 addresses on the FW and other VMs on their own VLAN, but cannot ping VMs on other VLANs.

So, VM1 can ping other VMs on vlan 10 and 10.1, 20.1, 30.1, but can't ping SRV1 (192.168.30.12).

FW Interfaces:

[screenshot: pastedImage_15.png]

IPv4 Policy:

[screenshot: pastedImage_17.png]

Pol vlan 10 to vlan 30:

[screenshot: pastedImage_18.png]

Pol vlan 30 to vlan 10:

[screenshot: pastedImage_20.png]

There are no static routes configured.

I did a debug while pinging between vlan 10 and vlan 30:

id=20085 trace_id=633 func=print_pkt_detail line=4792 msg="vd-root received a packet(proto=1, 192.168.10.12:1->192.168.30.10:2048) from vlan 10. type=8, code=0, id=1, seq=66."

id=20085 trace_id=633 func=init_ip_session_common line=4943 msg="allocate a new session-0003aab0"

id=20085 trace_id=633 func=vf_ip_route_input_common line=2586 msg="find a route: flag=04000000 gw-192.168.30.10 via vlan 30"

Not really sure what this means. Did the request get dropped? I

Any suggestions greatly appreciated.

Let me know if you need more information.

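For reference, the three trace lines quoted in the post are the first steps of a forwarded flow, not a drop: "received a packet ... from vlan 10" is ingress on the VLAN 10 subinterface, "allocate a new session" means the FortiGate started a session for the echo request, and "find a route ... via vlan 30" means the route lookup succeeded and picked the VLAN 30 subinterface as egress. The policy decision is printed in the lines that follow those three (an accept or deny message), so the trace as pasted stops before the point that answers the question. The following is an added example, not configuration from the original post or from Fortinet; it shows the CLI form of the setup the post describes (VLAN subinterfaces on port1, explicit inter-VLAN policies with NAT off) plus the diagnose commands a practitioner would run to get the full trace and to confirm whether the echo request actually leaves on vlan30 and whether a reply ever comes back. The object names (net-vlan10, net-vlan30), the policy IDs 10 and 30, and the host addresses used in the filters are assumptions chosen for the example.

```fortios
# Added example config (FortiOS 5.4 CLI syntax); names and policy IDs are assumed, not from the post.
# VLAN subinterfaces tagged onto port1. port1 itself carries no IP (0.0.0.0), which is fine:
# only the tagged subinterfaces need addresses. Only the firewall should sit on the ESXi
# "All"/4095 trunk port group; any other VM placed there could tag its own frames into any
# VLAN and bypass these policies entirely.
config system interface
    edit "vlan10"
        set vdom "root"
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping
        set interface "port1"
        set vlanid 10
    next
    edit "vlan30"
        set vdom "root"
        set ip 192.168.30.1 255.255.255.0
        set allowaccess ping
        set interface "port1"
        set vlanid 30
    next
end

# Address objects scoped to each VLAN subnet, so the policies below cannot be matched by
# traffic with spoofed off-subnet source addresses. (Assumed object names.)
config firewall address
    edit "net-vlan10"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "net-vlan30"
        set subnet 192.168.30.0 255.255.255.0
    next
end

# Inter-VLAN policies must exist explicitly in each direction; there is no implicit return
# path. Keep the service list narrow (PING here while testing), log everything, and leave
# NAT off: with NAT on, the destination would see the firewall's own .1 address as the source.
config firewall policy
    edit 10
        set name "vlan10-to-vlan30"
        set srcintf "vlan10"
        set dstintf "vlan30"
        set srcaddr "net-vlan10"
        set dstaddr "net-vlan30"
        set action accept
        set schedule "always"
        set service "PING"
        set logtraffic all
        set nat disable
    next
    edit 30
        set name "vlan30-to-vlan10"
        set srcintf "vlan30"
        set dstintf "vlan10"
        set srcaddr "net-vlan30"
        set dstaddr "net-vlan10"
        set action accept
        set schedule "always"
        set service "PING"
        set logtraffic all
        set nat disable
    next
end

# Verification. First confirm both VLAN subnets are present as connected routes:
get router info routing-table connected

# Then capture a complete flow trace for one ping, filtered to the two hosts so the policy
# line that follows "find a route" is not lost in unrelated traffic. (Host IPs are assumed.)
diagnose debug reset
diagnose debug flow filter saddr 192.168.10.12
diagnose debug flow filter daddr 192.168.30.12
diagnose debug flow filter proto 1
diagnose debug flow show console enable
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
# ... run the ping from the VLAN 10 VM, then:
diagnose debug disable
diagnose debug reset

# Finally, sniff the egress subinterface. Verbosity 4 prints the interface name per packet.
# If the echo request appears on vlan30 but no reply ever comes back, the FortiGate forwarded
# it and the problem is on the destination side (e.g. a guest firewall that only answers ICMP
# from its own subnet) or in the ESXi port group, not in the FortiGate policy.
diagnose sniffer packet vlan30 'host 192.168.30.12 and icmp' 4
```

When reading the trace, the interesting line is the one immediately after "find a route": an accept message names the policy ID that matched, while a deny message means no policy matched the interface pair, addresses and service of that packet. The sniffer on the VM side, run at the same time, separates "the firewall dropped it" from "the firewall forwarded it and nobody answered", which the flow trace alone cannot do.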