Interconnecting Junos and FortiOS

Posted on 2014-01-28
Last Modified: 2014-03-05
I am trying to connect two routers.
A Fortigate 200B (FortiOS v5.0, build0147 (GA Patch 1)) and a Juniper SRX240H (JUNOS Software Release [11.4R5.5]).

Here is a quick diagram of the topology:


I can ping PC1 from SERVER1.
I can ping from FortiGate 200B.
I cannot ping SERVER1 from PC1.
I cannot ping from SRX240H.

FGT200B created a directly connected route for and is pushing it through
I cannot see the same thing on SRX240H. I tried creating a route to on SRX240H with the outgoing interface port10[], but I get the error message that the interface is not a point-to-point connection.

How can I get the two routers to communicate properly?
Question by:proteus-IV
Expert Comment

Which port on Fortigate is connected to SRX240H?

Let's say you are connected as below:

SRX240[]<->Port1-[]FGT200B Portw []<->[]SERVER1

The routes should be: port1

On the router SRX240H, you need to add.

ip route

Author Comment

Port10[] on Fortigate is connected to port10[] on Juniper.

I tried adding the route on SRX240H, but I cannot access the subnet from the SRX240H, nor the subnet.

Here is the relevant output from the FGT200B routing table:
S [10/0] via, port10
C is directly connected, port10
C is directly connected, switch

And also from SRX240H:

    *[Static/5] 1d 01:52:57
        > to via ge-0/0/10.0
    *[Direct/0] 1d 01:47:18
        > via ge-0/0/1.0
    *[Direct/0] 1d 01:47:18
        > via ge-0/0/10.0
    *[Local/0] 1d 01:47:31
        Local via ge-0/0/10.0

Expert Comment

What is the gateway for PC1 and Server1?

You are not able to ping from SRX240H?

Is the ICMP allowed on Fortinet interface 10?

Can you also post traceroute from PC1 to Server1?
Author Comment

PC1 gateway:
Server1 gateway:

Yes, I am unable to ping from SRX240H.

All protocols are allowed on Fortigate interface 10.

Here is the traceroute output from PC1 to Server1:

Tracing route to over a maximum of 30 hops

1  <1ms  <1ms  <1ms
2  *  *  *  Request timed out.
3  *  *  *  Request timed out.
4  *  *  *  Request timed out.
5  *  *  *  Request timed out.
6  *  *  *  Request timed out.
7  *  *  *  Request timed out.
8  *  *  *  Request timed out.
9  *  *  *  Request timed out.
10  *  *  *  Request timed out.
11  *  *  *  Request timed out.
12  *  *  *  Request timed out.
13  *  *  *  Request timed out.
14  *  *  *  Request timed out.
15  *  *  *  Request timed out.
16  *  *  *  Request timed out.
17  *  *  *  Request timed out.
18  *  *  *  Request timed out.
19  *  *  *  Request timed out.
20  *  *  *  Request timed out.
21  *  *  *  Request timed out.
22  *  *  *  Request timed out.
23  *  *  *  Request timed out.
24  *  *  *  Request timed out.
25  *  *  *  Request timed out.
26  *  *  *  Request timed out.
27  *  *  *  Request timed out.
28  *  *  *  Request timed out.
29  *  *  *  Request timed out.
30  *  *  *  Request timed out.

Trace complete.

Expert Comment

There is your issue.

The connection between SRX and FGT.

Is it a direct connection or what type of connection is this?

Author Comment

It is a direct connection, ethernet port-to-port.

But, I am able to ping from FGT200B.

I can also ping from Server1 to PC1.

Traceroute from Server1 to PC1 shows as the first hop, as the second hop, and as the third hop.
Accepted Solution

Since you are not able to ping from SRX to the Fortigate, I think that is the issue there.

You have the correct routing so I'm curious if Fortigate is blocking incoming traffic.
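The following is an added worked example, not configuration from the thread or from either vendor's documentation. It shows the two pieces the discussion turns on: on the SRX, a static route over an Ethernet interface must name an IP next-hop (naming only the interface produces the "not a point-to-point connection" error from the question), and on the FortiGate, a route back plus a firewall policy from port10, because FortiOS drops transit traffic with no matching policy. All addresses are constructed placeholders (192.0.2.0/24 for the LAN behind the SRX, 198.51.100.0/24 for the server LAN behind the FortiGate, 203.0.113.0/30 for the port10 link), the zone names "trust" and "untrust" are assumed, and "switch" is the FortiGate-side interface shown in the routing table above.

```text
# ---------- SRX240H (Junos 11.4), configuration mode ----------
# Static route to the server LAN behind the FortiGate. An Ethernet
# interface is not point-to-point, so an IP next-hop is required;
# "next-hop ge-0/0/10.0" alone is rejected.
set routing-options static route 198.51.100.0/24 next-hop 203.0.113.2

# Let the SRX itself answer pings on the link interface (zone name assumed).
set security zones security-zone untrust interfaces ge-0/0/10.0 host-inbound-traffic system-services ping

# Transit policy LAN -> link zone, so PC1's packets are not dropped by the SRX.
set security policies from-zone trust to-zone untrust policy lan-to-fgt match source-address any destination-address any application any
set security policies from-zone trust to-zone untrust policy lan-to-fgt then permit
commit

# ---------- SRX240H, operational mode: verify ----------
show route 198.51.100.0/24
ping 203.0.113.2 source 203.0.113.1 count 3
show security flow session destination-prefix 198.51.100.0/24

# ---------- FortiGate 200B (FortiOS 5.0) ----------
# Route back to the LAN behind the SRX; "edit 0" allocates a new entry.
config router static
    edit 0
        set dst 192.0.2.0 255.255.255.0
        set gateway 203.0.113.1
        set device port10
    next
end

# Policy admitting traffic that arrives on port10 into the server segment.
# Without a matching policy FortiOS silently drops it (implicit deny),
# which produces exactly the "hop 1 answers, then all stars" traceroute.
config firewall policy
    edit 0
        set srcintf port10
        set dstintf switch
        set srcaddr all
        set dstaddr all
        set action accept
        set schedule always
        set service ALL
        set logtraffic all
    next
end

# Let port10 itself answer pings from the SRX.
config system interface
    edit port10
        set allowaccess ping
    next
end

# Verify: does ICMP from PC1 reach port10, and is it forwarded or denied?
diagnose sniffer packet port10 'icmp' 4
diagnose debug flow filter proto 1
diagnose debug flow trace start 10
diagnose debug enable
```

Run the traceroute from PC1 again while the flow trace is enabled. If the sniffer shows the ICMP echo arriving on port10 but the flow trace reports a denied-by-policy or reverse-path-check drop, the FortiGate is the blocking device, as the accepted answer suspects; if nothing arrives on port10 at all, the SRX session table (the `show security flow session` line above) will show whether the SRX ever forwarded the packet. Keeping the policy scoped to the two real subnets rather than `all` is the sensible hardening step once connectivity is confirmed.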

