Unable to ping Google - AWS FortiGate firewall - SOLVED

Followed this guide:


I have an EC2 Windows instance and an EC2 FortiGate-VM64-AWSONDEMAND instance. The FortiGate has 2 NICs: (external one) (internal)

The VPC has 2 route tables:

public and internal

Public route table:


target: internet gateway

included subnet:

Behind the FortiGate firewall I have a Windows instance in subnet

Private route table:


target: "internal" FortiGate firewall interface

included subnet:

For all devices on the "internal" network, the default route will be the internal interface of the FortiGate FW.

Source/destination check is disabled on the internal FortiGate interface.

I created a proxy policy and a proxy rule, and specified the FortiGate internal IP address as the proxy in the browser. I can browse the internet from the Windows instance, but I am unable to ping.

I created an IPv4 rule to allow all traffic from LAN ( to any address

static route:

If I remove the proxy policy and the proxy address from the browser, I can't search the internet and am unable to ping.

I CAN ping the FortiGate internal and external interfaces,

but traffic won't pass outside the Windows machine (

Tracing route to google-public-dns-a.google.com []
over a maximum of 30 hops:
  0  WIN-0675NFPK57B.eu-west-1.compute.internal []
  1     *        *        *
Computing statistics for 0 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           WIN-0675NFPK57B.eu-west-1.compute.internal []

PS C:\Users\Administrator> route print
Interface List
 12...06 db ec 01 23 08 ......AWS PV Network Device #0
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
     10 is AWS gateway
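The post depends on three AWS-side settings lining up: the public subnet's default route pointing at the internet gateway, the private subnet's default route pointing at the FortiGate's internal ENI (and being active, not blackholed), and source/destination checking being disabled on that ENI (otherwise EC2 silently drops the packets the firewall forwards, which produces exactly the "can ping the firewall but nothing beyond it" symptom). The script below is an added example, not code from the post or from Fortinet, that audits those three conditions against constructed JSON in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-network-interfaces`. All subnet, route-table, ENI and IGW IDs are placeholders; swap in the real JSON from those two CLI calls to run it against a live account.

```python
import json
from copy import deepcopy

# Placeholder IDs used throughout the constructed sample (not the poster's real IDs).
PUBLIC_SUBNET = "subnet-PUBLIC-PLACEHOLDER"
PRIVATE_SUBNET = "subnet-PRIVATE-PLACEHOLDER"
FW_INTERNAL_ENI = "eni-FW-INTERNAL-PLACEHOLDER"

# Constructed sample in the shape of `aws ec2 describe-route-tables` output:
# the "working" layout the post ends up with.
ROUTE_TABLES = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-PUBLIC-PLACEHOLDER",
   "Associations": [{"SubnetId": "subnet-PUBLIC-PLACEHOLDER"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-PLACEHOLDER", "State": "active"}]},
  {"RouteTableId": "rtb-PRIVATE-PLACEHOLDER",
   "Associations": [{"SubnetId": "subnet-PRIVATE-PLACEHOLDER"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-FW-INTERNAL-PLACEHOLDER", "State": "active"}]}
]}
""")

# Constructed sample in the shape of `aws ec2 describe-network-interfaces` output.
NETWORK_INTERFACES = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-FW-EXTERNAL-PLACEHOLDER", "SubnetId": "subnet-PUBLIC-PLACEHOLDER", "SourceDestCheck": true},
  {"NetworkInterfaceId": "eni-FW-INTERNAL-PLACEHOLDER", "SubnetId": "subnet-PRIVATE-PLACEHOLDER", "SourceDestCheck": false}
]}
""")


def _route_table_for(route_tables, subnet_id):
    """Return the route table explicitly associated with subnet_id, or None (main table)."""
    for rt in route_tables["RouteTables"]:
        if any(a.get("SubnetId") == subnet_id for a in rt.get("Associations", [])):
            return rt
    return None


def _default_route(route_table):
    """Return the 0.0.0.0/0 route entry of a route table, or None."""
    for r in route_table.get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0":
            return r
    return None


def audit(route_tables, interfaces, public_subnet, private_subnet, fw_internal_eni):
    """Return a list of findings; an empty list means the three conditions hold."""
    findings = []

    # 1. Public subnet: default route must go to an internet gateway.
    pub_rt = _route_table_for(route_tables, public_subnet)
    pub_dr = _default_route(pub_rt) if pub_rt else None
    if pub_dr is None or not str(pub_dr.get("GatewayId", "")).startswith("igw-"):
        findings.append(f"{public_subnet}: default route does not target an internet gateway")

    # 2. Private subnet: default route must be the firewall's internal ENI and be active.
    priv_rt = _route_table_for(route_tables, private_subnet)
    priv_dr = _default_route(priv_rt) if priv_rt else None
    if priv_dr is None:
        findings.append(f"{private_subnet}: no 0.0.0.0/0 route, hosts cannot reach the internet")
    elif priv_dr.get("NetworkInterfaceId") != fw_internal_eni:
        target = priv_dr.get("NetworkInterfaceId") or priv_dr.get("GatewayId") or priv_dr.get("InstanceId")
        findings.append(f"{private_subnet}: default route targets {target}, not {fw_internal_eni}")
    elif priv_dr.get("State") != "active":
        findings.append(f"{private_subnet}: default route to {fw_internal_eni} is {priv_dr.get('State')}")

    # 3. Firewall internal ENI: source/destination check must be off, or EC2 drops forwarded packets.
    eni = next((i for i in interfaces["NetworkInterfaces"] if i["NetworkInterfaceId"] == fw_internal_eni), None)
    if eni is None:
        findings.append(f"{fw_internal_eni}: interface not found")
    elif eni.get("SourceDestCheck", True):
        findings.append(f"{fw_internal_eni}: source/destination check is still enabled, forwarded traffic will be dropped")
    return findings


def audit_sample(source_dest_check=False, private_default_target=FW_INTERNAL_ENI):
    """Audit the constructed sample, optionally mutated to reproduce common misconfigurations."""
    rts, enis = deepcopy(ROUTE_TABLES), deepcopy(NETWORK_INTERFACES)
    for i in enis["NetworkInterfaces"]:
        if i["NetworkInterfaceId"] == FW_INTERNAL_ENI:
            i["SourceDestCheck"] = source_dest_check
    dr = _default_route(_route_table_for(rts, PRIVATE_SUBNET))
    dr.pop("NetworkInterfaceId", None)
    if private_default_target.startswith("eni-"):
        dr["NetworkInterfaceId"] = private_default_target
    else:
        dr["GatewayId"] = private_default_target
    return audit(rts, enis, PUBLIC_SUBNET, PRIVATE_SUBNET, FW_INTERNAL_ENI)


if __name__ == "__main__":
    print("correct layout:", audit_sample())
    print("source/dest check left on:", audit_sample(source_dest_check=True))
    print("private subnet sent straight to IGW:", audit_sample(private_default_target="igw-PLACEHOLDER"))
```

The second mutation is the one worth checking first when a host behind the firewall can ping the firewall's interfaces but nothing past them: the VPC route and the FortiGate policy can both be right while the ENI attribute alone stops every forwarded packet.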

