Wednesday, August 8, 2018

Local VLAN traffic

I have been troubleshooting this issue between our main VLAN (we'll call it V1) and V4, which is the native. The 2 host devices (1 on V1 and 1 on V4) are not able to establish a TCP handshake.

This network is running on a Fortigate and the policies exist to allow all traffic over any port from V1 to V4. There is also a separate, but identical policy for V1 to V3 and the connectivity when testing the hosts from V1 to V3 works just fine.

Upon doing a pcap from the successful connectivity of the hosts from V1>V3 I am able to see a series of syn/psh/fin and their corresponding ack packets. The pcap from the failed handshake only shows a long list of syn packets sourced from both hosts to each other without any corresponding acks. So the conclusion I've come to is that the host on V4 is receiving the packets from the V1 host, but just not establishing a handshake and acknowledgments.

I'm sensing it might have something to do with V4 being the native or some other policy I am not catching somewhere. There are also no policies that allow any traffic into V1 initiated from any other VLAN, but as mentioned, traffic sourcing from V1 to elsewhere allows bidirectional traffic once the handshake is established.

Thanks in advance for any suggestions!
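The diagnosis above rests on comparing the two captures: one shows the full SYN / SYN-ACK / ACK sequence, the other only repeated SYNs. The following script is an added example (not part of the original post) that automates that comparison over a constructed packet list; it groups packets into bidirectional flows and labels each as established, partial, or stuck at SYN. The IP addresses are placeholders chosen for illustration, and the flags are assumed to be given as tcpdump-style letters (S, A, P, F).

```python
from collections import defaultdict

# Constructed sample packets modelled on the two captures described in the post:
# (src_ip, src_port, dst_ip, dst_port, flags). Addresses are placeholders, not real hosts.
SAMPLE_PACKETS = [
    # V1 -> V3: full handshake, a data push, then teardown (the working case)
    ("10.1.0.10", 50000, "10.3.0.20", 445, "S"),
    ("10.3.0.20", 445, "10.1.0.10", 50000, "SA"),
    ("10.1.0.10", 50000, "10.3.0.20", 445, "A"),
    ("10.1.0.10", 50000, "10.3.0.20", 445, "PA"),
    ("10.3.0.20", 445, "10.1.0.10", 50000, "A"),
    ("10.1.0.10", 50000, "10.3.0.20", 445, "FA"),
    ("10.3.0.20", 445, "10.1.0.10", 50000, "FA"),
    # V1 -> V4: SYNs retransmitted, never answered (the failing case)
    ("10.1.0.10", 50001, "10.4.0.30", 445, "S"),
    ("10.1.0.10", 50001, "10.4.0.30", 445, "S"),
    ("10.1.0.10", 50001, "10.4.0.30", 445, "S"),
    # V4 -> V1: SYNs in the other direction, also unanswered
    ("10.4.0.30", 50002, "10.1.0.10", 445, "S"),
    ("10.4.0.30", 50002, "10.1.0.10", 445, "S"),
]

def flow_key(src, sport, dst, dport):
    """Canonical key so both directions of one connection group together."""
    a, b = (src, sport), (dst, dport)
    return (a, b) if a <= b else (b, a)

def classify_flows(packets):
    """Map each flow to 'established' (SYN, SYN-ACK and ACK all seen),
    'partial' (SYN-ACK seen but no ACK) or 'syn_only' (only SYNs, never a SYN-ACK)."""
    seen = defaultdict(set)
    for src, sport, dst, dport, flags in packets:
        key = flow_key(src, sport, dst, dport)
        if "S" in flags and "A" not in flags:
            seen[key].add("SYN")
        elif "S" in flags and "A" in flags:
            seen[key].add("SYNACK")
        elif "A" in flags:
            seen[key].add("ACK")
    result = {}
    for key, stages in seen.items():
        if {"SYN", "SYNACK", "ACK"} <= stages:
            result[key] = "established"
        elif "SYNACK" in stages:
            result[key] = "partial"
        else:
            result[key] = "syn_only"
    return result

def syn_only_initiators(packets):
    """Sorted (initiator_ip, target_ip) pairs for flows that never got past SYN."""
    states = classify_flows(packets)
    pairs = {(src, dst) for src, sport, dst, dport, flags in packets
             if "S" in flags and "A" not in flags
             and states[flow_key(src, sport, dst, dport)] == "syn_only"}
    return sorted(pairs)
```

With the constructed data, only the V1/V4 pairs come back from `syn_only_initiators`, which is exactly the symptom the post describes: SYNs in both directions and no SYN-ACK from either side.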
