I downloaded KVM FortiOs 7.2.4. I need the Firewall to fortigate reach the ipaddress 8.8.8.8. To update the FortiGate-VM evaluation license.
Can someone help me?
update the FortiGate-VM evaluation license.
Moderator: mike
-
- Posts: 10
- Joined: Thu Sep 17, 2020 12:06 pm
update the FortiGate-VM evaluation license.
You do not have the required permissions to view the files attached to this post.
-
- Posts: 5067
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: update the FortiGate-VM evaluation license.
It depends where did you connect your device, the cloud must have internet !! as well node must be configured properly
-
- Posts: 10
- Joined: Thu Sep 17, 2020 12:06 pm
Re: update the FortiGate-VM evaluation license.
VM-EVE-NG is configured with fixed IP 10.11.217.110/24. The fortigate image has port 1 configured with the IP 10.11.217.109/24, a static route 10.11.217.0/24 and the gateway 10.11.217.1 configured.
A VM-EVE-NG ping 8.8.8.8, 10.11.217.109(fortigate image). The image ping 10.11.217.110 (VM-EVE-NG) . I couldn't make the image fortigate ping 8.8.8.8.
sh sys inter
config system interface
edit "port1"
set vdom "root"
set ip 10.11.217.109 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
set alias "internal"
set snmp-index 1
next
edit "port2"
set vdom "root"
set type physical
set snmp-index 2
next
edit "port3"
set vdom "root"
set type physical
set snmp-index 3
next
edit "port4"
set vdom "root"
set type physical
set snmp-index 4
next
edit "naf.root"
set vdom "root"
set type tunnel
set src-check disable
set snmp-index 5
next
edit "l2t.root"
set vdom "root"
set type tunnel
set snmp-index 6
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 7
next
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 8
next
end
-------------------------------------
FGT(static) # show
config router static
edit 1
set dst 10.11.217.0 255.255.255.0
set gateway 10.11.217.110
set device "port1"
A VM-EVE-NG ping 8.8.8.8, 10.11.217.109(fortigate image). The image ping 10.11.217.110 (VM-EVE-NG) . I couldn't make the image fortigate ping 8.8.8.8.
sh sys inter
config system interface
edit "port1"
set vdom "root"
set ip 10.11.217.109 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
set alias "internal"
set snmp-index 1
next
edit "port2"
set vdom "root"
set type physical
set snmp-index 2
next
edit "port3"
set vdom "root"
set type physical
set snmp-index 3
next
edit "port4"
set vdom "root"
set type physical
set snmp-index 4
next
edit "naf.root"
set vdom "root"
set type tunnel
set src-check disable
set snmp-index 5
next
edit "l2t.root"
set vdom "root"
set type tunnel
set snmp-index 6
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 7
next
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 8
next
end
-------------------------------------
FGT(static) # show
config router static
edit 1
set dst 10.11.217.0 255.255.255.0
set gateway 10.11.217.110
set device "port1"
-
- Posts: 5067
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: update the FortiGate-VM evaluation license.
And where is default route on Forti, your node dont know where is 8.8.8.8
-
- Posts: 10
- Joined: Thu Sep 17, 2020 12:06 pm
Re: update the FortiGate-VM evaluation license.
I did not understand your question? You say on VM-EVE-NG/10.11.217.110?
Can you show which setting is missing?
Can you show which setting is missing?
-
- Posts: 5067
- Joined: Wed Mar 15, 2017 4:44 pm
- Location: London
- Contact:
Re: update the FortiGate-VM evaluation license.
your fortinet with just ststic route to private subnet does not know how to reach 8.8.8.8
because you have not configured default route on forti with default gateway.
In your setup currently you, no logic how to reach internet...
Simply you have not default route to 0.0.0.0/0 via default GW 10.11.217.XX (same GW IP as for EVE VM itself)
because you have not configured default route on forti with default gateway.
In your setup currently you, no logic how to reach internet...
Simply you have not default route to 0.0.0.0/0 via default GW 10.11.217.XX (same GW IP as for EVE VM itself)
-
- Posts: 10
- Joined: Thu Sep 17, 2020 12:06 pm
Re: update the FortiGate-VM evaluation license.
I configured a static route as below. But the packet not reach the internet.
seeduc (static) # show
config router static
edit 2
set device "port1"
next
end
seeduc (static) # edit 2
seeduc (2) # set 0.0.0.0/0
seeduc # execute ping 10.11.217.110 (VM-EVE-NG)
PING 10.11.217.110 (10.11.217.110): 56 data bytes
64 bytes from 10.11.217.110: icmp_seq=0 ttl=64 time=0.7 ms
64 bytes from 10.11.217.110: icmp_seq=1 ttl=64 time=0.6 ms
64 bytes from 10.11.217.110: icmp_seq=2 ttl=64 time=0.8 ms
64 bytes from 10.11.217.110: icmp_seq=3 ttl=64 time=0.4 ms
64 bytes from 10.11.217.110: icmp_seq=4 ttl=64 time=0.4 ms
seeduc # execute ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
seeduc (static) # show
config router static
edit 2
set device "port1"
next
end
seeduc (static) # edit 2
seeduc (2) # set 0.0.0.0/0
seeduc # execute ping 10.11.217.110 (VM-EVE-NG)
PING 10.11.217.110 (10.11.217.110): 56 data bytes
64 bytes from 10.11.217.110: icmp_seq=0 ttl=64 time=0.7 ms
64 bytes from 10.11.217.110: icmp_seq=1 ttl=64 time=0.6 ms
64 bytes from 10.11.217.110: icmp_seq=2 ttl=64 time=0.8 ms
64 bytes from 10.11.217.110: icmp_seq=3 ttl=64 time=0.4 ms
64 bytes from 10.11.217.110: icmp_seq=4 ttl=64 time=0.4 ms
seeduc # execute ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss