Unable to ping Google-AWS Fortigate firewall-SOLVED

Followed this guide:

https://cookbook.fortinet.com/create-routing-table-associate-subnets/

I have EC2 windows instance, also have EC2 FortiGate-FortiGate VM64-AWSONDEMAND . Fortigate has 2 NIC: 192.168.10.5 (external one) 192.168.30.0 (internal)

In VPC has 2 route tables:

Public and internal

Public route table:

destination:0.0.0.0

target: internet gateway

included subnet:192.168.10.0

Behind FortiGate firewall I have windows instance in 192.168.30.0/24 subnet

Private route table:

destination:0.0.0.0

target: "internal" FortiGate firewall interface

included subnet:192.168.30.0

For all devices on "internal" network default route will be the internal interface of Fortigate FW

Source/destination check disabled on an internal FortiGate interface

I created proxy policy and proxy rule, specified FortiGate internal IP address as a proxy in the browser. I can browse the internet from windows instance, unable to ping 8.8.8.8

I created IPV4 rule to allow all traffic from LAN (192.168.30.0) to any address

enter image description here

static route:

enter image description here

Problem:

If I remove proxy policy and proxy address from the browser I can't search the internet, unable to ping 8.8.8.8

I CAN ping FortiGate internal and external interfaces

but traffic won't pass outside windows machine (192.168.30.49)

Tracing route to google-public-dns-a.google.com [8.8.8.8]
over a maximum of 30 hops:
  0  WIN-0675NFPK57B.eu-west-1.compute.internal [192.168.30.49]
  1     *        *        *
Computing statistics for 0 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           WIN-0675NFPK57B.eu-west-1.compute.internal [192.168.30.49]


PS C:\Users\Administrator> route print
===========================================================================
Interface List
 12...06 db ec 01 23 08 ......AWS PV Network Device #0
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.30.1    192.168.30.49     10

192.168.30.1 is AWS gateway

Leave Your Comment