"Best Way To Communicate LAN, and OPT interfaces?"



  • [Solved] Hi guys,

    Hope you all are good and safe. This is the thing. I have a laptop on the LAN interface (192.168.87.0/24), and I have another subnet (192.168.199.252/30) on the OPT interface. At the other end of the OPT interface I have a Fortigate VM running on an ESXi 6.7 host which has one NIC enabled in the same range as my laptop (192.168.87.200) to manage the host and the Fortigate.

    My plan is to use the OPT interface as a lab interface, and use it to route all the traffic related to the subnets connected to the Fortigate interfaces. However, my Netgate (SG-1100, 2.4.5-RELEASE) doesn't let me pass from my DG on 87.0/24 if I want to ping or RDP to the VMs behind the FG.

    Both FWs respond to pings on their interfaces; however, I can't get the traffic passed between the LAN and OPT interfaces. For a week I've read about/tried static routes, rules, floating rules, and NAT handling the incoming Internet traffic to the FG (because the project is to set up an SSL-VPN on the Fortigate and allow RDP connections to the VMs and manage the FG from the Internet and my home network; tired of having issues, I'm rebuilding the routing, but now using the OPT interface :]).

    If I ping from my laptop, the reply doesn't return (request time out).

    In short, what is the simplest way to interconnect these interfaces?

    Any advice will be appreciated.

    Warm regards,
    Ricardo

    Screenshot_9.png

    Screenshot_10.png



  • @ricardo-aybar said in "Best Way To Communicate LAN, and OPT interfaces?":

    I have a laptop in the LAN interface (192.168.87.0/24)

    and

    @ricardo-aybar said in "Best Way To Communicate LAN, and OPT interfaces?":

    (192.168.199.252/30) in the OPT interface ... At the other end of the OPT interface a... has one nic enabled in the same range of my laptop (192.168.87.200) ....

    Really, a /30 ? DHCP server is happy ? The "192.168.87.200" connected to a "192.168.199.252/30" network ?



  • @Gertjan

    The /30 is a PtP link between the FWs using the OPT interface. My laptop is connected to the LAN interface. But the FG VM is running in an ESXi host. I don't expect you to get over the whole implementation, just let me know how I pass the traffic between LAN and OPT, not considering what I have connected to the OPT.



  • @ricardo-aybar said in "Best Way To Communicate LAN, and OPT interfaces?":

    just let me know how I pass the traffic between LAN and OPT

    The second rule in your first image, and the rule in your second image, will take care of that.



  • @Gertjan You are right. I just restored the configuration on my FG that I had working well last night, and voila. However, I'm considering enabling a NIC on my ESXi host and sending the traffic through the OPT, and not using the same interface for everything.

