Interconnecting Junos and FortiOS

Posted on 2014-01-28
Last Modified: 2014-03-05

I am trying to connect two routers: a Fortigate 200B (FortiOS v5.0,build0147 (GA Patch 1)) and a Juniper SRX240H (JUNOS Software Release [11.4R5.5]).

Here is a quick diagram of the topology:


I can ping PC1 from SERVER1.
I can ping from FortiGate 200B.
I cannot ping SERVER1 from PC1.
I cannot ping from SRX240H.

FGT200B created a directly connected route for and is pushing it through
I cannot see the same thing on SRX240H. I tried creating a route to on SRX240H with the outgoing interface port10[], but I get the error message that the interface is not a point-to-point connection.

How can I get the two routers to communicate properly?
Question by: proteus-IV

Expert Comment

ID: 39814814
Which port on Fortigate is connected to SRX240H?

Let's say you are connected as below:

SRX240[]<->Port1-[]FGT200B Portw []<->[]SERVER1

The routes should be: port1

On the router SRX240H, you need to add:

ip route

Author Comment

ID: 39815854
Port10[] on Fortigate is connected to port10[] on Juniper.

I tried adding the route on SRX240H, but I cannot access the subnet from the SRX240H, nor the subnet.

Here is the relevant output from the FGT200B routing table:
S [10/0] via, port10
C is directly connected, port10
C is directly connected, switch


And also from SRX240H:

*[Static/5] 1d 01:52:57
    > to via ge-0/0/10.0
*[Direct/0] 1d 01:47:18
    > via ge-0/0/1.0
*[Direct/0] 1d 01:47:18
    > via ge-0/0/10.0
*[Local/0] 1d 01:47:31
    > Local via ge-0/0/10.0


Expert Comment

ID: 39819225
What is the gateway for PC1 and Server1?

You are not able to ping from SRX240H?

Is the ICMP allowed on Fortinet interface 10?

Can you also post traceroute from PC1 to Server1?

Author Comment

ID: 39836749
PC1 gateway:
Server1 gateway:

Yes, I am unable to ping from SRX240H.

All protocols are allowed on Fortigate interface 10.

Here is the traceroute output from PC1 to Server1:

Tracing route to over a maximum of 30 hops

1  <1ms  <1ms  <1ms
2  *  *  *  Request timed out.
3  *  *  *  Request timed out.
4  *  *  *  Request timed out.
5  *  *  *  Request timed out.
6  *  *  *  Request timed out.
7  *  *  *  Request timed out.
8  *  *  *  Request timed out.
9  *  *  *  Request timed out.
10  *  *  *  Request timed out.
11  *  *  *  Request timed out.
12  *  *  *  Request timed out.
13  *  *  *  Request timed out.
14  *  *  *  Request timed out.
15  *  *  *  Request timed out.
16  *  *  *  Request timed out.
17  *  *  *  Request timed out.
18  *  *  *  Request timed out.
19  *  *  *  Request timed out.
20  *  *  *  Request timed out.
21  *  *  *  Request timed out.
22  *  *  *  Request timed out.
23  *  *  *  Request timed out.
24  *  *  *  Request timed out.
25  *  *  *  Request timed out.
26  *  *  *  Request timed out.
27  *  *  *  Request timed out.
28  *  *  *  Request timed out.
29  *  *  *  Request timed out.
30  *  *  *  Request timed out.

Trace complete.


Expert Comment

ID: 39836796
There is your issue.


The connection between SRX and FGT.

Is it a direct connection or what type of connection is this?

Author Comment

ID: 39836854
It is a direct connection, ethernet port-to-port.

But, I am able to ping from FGT200B.

I can also ping from Server1 to PC1.

Traceroute from Server1 to PC1 shows as 1st hop and as second hop and as 3rd hop.

Accepted Solution

Infamus earned 500 total points
ID: 39836891
Since you are not able to ping from SRX to the Fortigate, I think that is the issue there.

You have the correct routing so I'm curious if Fortigate is blocking incoming traffic.

Question has a verified solution.
