Monday, August 5, 2019

Fortigate in Oracle Cloud

Does anyone have experience with, or familiarity with, Oracle Cloud and Fortigate?

We are migrating to OCI, and since Oracle does not have anything like a network insight tool for logging, etc., we decided to make our edge device a Fortigate. I followed the docs on how to spin them up, attach VNICs, etc. I attached the 2nd VNIC for the "protected network", which will be the LAN port on the Fortigate. It now states that I should update the Route Table for whichever subnets I want to go through the Fortigate and out to the internet, instead of using Oracle's NAT Gateway. Pretty much, I want all traffic to ingress and egress through the Fortigate.

The underlying servers (10.100.2.2) cannot get out to the internet when I point their route table to 10.100.0.5 (LAN on Fortigate), and they cannot ping that IP from the servers either; but in the reverse direction I can ping the underlying servers when I source the ping from the LAN on the Fortigate.

To make it even weirder... I have a Fortiweb WAF spun up in the same subnet as the LAN on the Fortigate.

Fortiweb: 10.100.0.6
Fortigate LAN: 10.100.0.5

I have the default route on the Fortiweb pointing to the LAN IP 10.100.0.5, and it can get out to the internet just fine?! When I run a trace on the Fortiweb, it hits 10.100.0.5 and then goes out to the public internet. This is what is driving me nuts: this test proves the LAN on the Fortigate is working properly with the LAN-to-WAN policy for ALL traffic out. It is allowing the WAF to get out to the internet through the Fortigate, but not the underlying servers.

I have a SEV1 opened with Oracle and that is honestly not getting anywhere; it's been 8 days and they are even confused. I have the source/destination check option checked on the VNICs as well, which is Oracle's way of allowing different subnets to talk.

Just throwing out a lifeline to anyone who may have seen or heard of this issue before... appreciate it all.
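For reference, this is what the setup the post describes looks like when written down as OCI configuration: a second VNIC on the firewall instance with the source/destination check skipped, and a route table for the protected subnet whose default route targets the firewall's LAN private IP instead of the NAT gateway. This is an added Terraform example using the `oci` provider, not the poster's configuration; the `var.*` OCIDs are placeholders, and the 10.100.0.5 address and subnet layout are taken from the post.

```hcl
# Added example, not the poster's configuration. The var.* values are
# placeholders for real OCIDs: the compartment, the VCN, the Fortigate LAN
# subnet (10.100.0.0/24 side), the protected subnet (10.100.2.0/24 side)
# and the Fortigate compute instance.

# Second VNIC on the Fortigate instance, used as its LAN interface.
# skip_source_dest_check = true lets the VNIC send and receive packets whose
# source or destination is not its own address, which a firewall forwarding
# traffic for other subnets needs; without it OCI drops those packets.
resource "oci_core_vnic_attachment" "fgt_lan" {
  instance_id  = var.fortigate_instance_ocid
  display_name = "fgt-lan"

  create_vnic_details {
    subnet_id              = var.lan_subnet_ocid
    private_ip             = "10.100.0.5"
    assign_public_ip       = false
    skip_source_dest_check = true
    display_name           = "fgt-lan"
  }
}

# A route rule that targets an instance must reference the OCID of the
# private IP object, not the address itself, so look it up in the LAN subnet.
data "oci_core_private_ips" "fgt_lan" {
  subnet_id  = var.lan_subnet_ocid
  ip_address = "10.100.0.5"
  depends_on = [oci_core_vnic_attachment.fgt_lan]
}

# Route table for the protected subnet: the default route goes to the
# Fortigate LAN VNIC rather than to the NAT gateway.
resource "oci_core_route_table" "protected_via_fgt" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_ocid
  display_name   = "rt-protected-via-fortigate"

  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = data.oci_core_private_ips.fgt_lan.private_ips[0].id
  }
}

# Bind that route table to the protected subnet so its instances use it.
resource "oci_core_route_table_attachment" "protected" {
  subnet_id      = var.protected_subnet_ocid
  route_table_id = oci_core_route_table.protected_via_fgt.id
}
```

Two things this route rule does not cover and that are worth checking alongside it: the security lists or network security groups on both subnets must allow the protected servers to reach 10.100.0.5 (a route with no matching ingress rule on the LAN subnet looks exactly like "cannot ping the LAN IP"), and the firewall's own interface needs a policy and a return path for the 10.100.2.0/24 side, since intra-VCN traffic between subnets is routed by the VCN's implicit local route rather than by any rule in this table.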
