No compatible items with FORTINET Bundle for FortiGate VM02.Overview. Compute optimized virtual machine sizes.Routing issue - FortiGate VM02 - intra-interface routingFORTINET Bundle for FortiGate VM02 24x7 Comprehensive Renewal FortiCare & FortiGuard 1 Year. For up-to-date information on each instance type, see the following links: Sizes for virtual machines in Azure. FortiGate supports compute optimized instances (F-series, Fs-series, and Fsv2-series) and general purpose instances (Dv2-series, DSv2-series, Dv3-series, and Dsv3-series).
I have all of the static routes in place and have no issues again with FortiGate to subnet traffic, it's just when the traffic traverses the fortigate between the subnets. This works fine for ping but will break directed IP traffic. An example of a policy is: source int: transit dest int: transit source IP: 10.0.0.0/24 dest IP: 10.0.2.0/24 The only way I can get this communication to work is to enable NAT on the policy. The policies are in place to allow traffic and I do see inbound traffic hitting the counters. What I cannot get to work is connectivity between subnets VIA the fortigate.
...
I have done packet captures on all points. The hosts just respond to that IP and it works. When I turn on NAT on the policies, the FortiGate is doing source NAT to the IP address of the interface. It is a bit different but makes sense in the context of Azure. The details of why this happens in all based on the architecture of Azure. It is kinda like a router on a stick but without the VLANs. AND all communication in both directions will use the single interface.
This is like a hairpin, but without the NAT. SO, I am fairly sure that the firewall is preventing this traffic but I'm not sure why.
0 kommentar(er)
