Topic: Allow ping from WAN -> LAN  (Read 10857 times)
« on: February 14, 2009, 12:07:46 »
swiss_morpheus *
Posts: 8

Hello everybody..

I'm not sure if I'm in the right section here, but I'll just try it.

I've got the following network layout:

Fortigate : WAN: Public IP LAN Interface: 172.30.10.0/24 --> Normal Computers are connected here..
Fortigate : WAN: Public IP DMZ Interface: 192.168.10.0/24 --> Monowall is connected here
Monowall: WAN: 192.168.10.0/24 LAN: 192.168.1.0

Now I want to ping a device in the subnet 192.168.1.0/24 from 172.30.10.0/24.
I was able to open the http port to access the WebGUI of monowall from 172.30.10.0/24 with an Inbound NAT.

On the firewall every port is allowed. * * * * * rules...

Can you please give me advice on how to allow pinging of the LAN ports?

Thank you for your help
« Reply #1 on: February 14, 2009, 22:45:56 »
ChainSaw
Guest

Create a WAN rule to pass ICMP echo to any.

CS...
« Reply #2 on: February 15, 2009, 14:30:38 »
swiss_morpheus *
Posts: 8

Thank you for your suggestion, but I already tried that... Didn't work...

Any other ideas?

Thank you
« Reply #3 on: February 15, 2009, 15:18:04 »
Uluen **
Posts: 59

Well, it has to be what CS said, you probably made a mistake in the rules if it didn't work.
« Reply #4 on: February 16, 2009, 19:03:05 »
swiss_morpheus *
Posts: 8

Don't I have to create a NAT rule like I did for the http port? The http port works, but not the pinging...

I've got a LAN rule which allows everything: * * * * *
And two WAN rules: 1st: ICMP | 192.168.10.1 | * | 192.168.1.200 | *
2nd: * * * * *

I also tried it with allow fragmented packages etc.. I don't know how to continue..

The ping from the monowall's WAN port itself is also not able to ping the LAN port.

Any help would be greatly appreciated...

Thanks
« Last Edit: February 16, 2009, 20:10:40 by swiss_morpheus »
« Reply #5 on: February 20, 2009, 13:26:41 »
swiss_morpheus *
Posts: 8

Hello, it's me again :)

So I'm still trying to allow this ping... No success yet.

Now I'm really asking myself what I'm doing wrong?

Some basic questions now:

Do I need to set up static routes? At the moment I only try to ping, from Monowall Web Interface, from WAN to a Client in LAN Network. It all the time says: ping: sendto: Permission denied

I created two Firewall Rules:

WAN ICMP(any) * * * *
LAN ICMP(any) * * * *

Do I need to check allow fragmented packets?

Or do I have to check: Bypass firewall rules for traffic on the same interface?

I'm really going nuts... Don't know what to do..

Thank you for your help
« Reply #6 on: February 20, 2009, 15:13:00 »
swiss_morpheus *
Posts: 8

So I solved the first bit of my problem :)

I am able to ping my devices in LAN from WAN side.. Hooray :)
But now I also need to ping my devices from my other net.

Fortigate : WAN: Public IP LAN Interface: 172.30.10.0/24
Fortigate : WAN: Public IP DMZ Interface: 192.168.10.0/24
Monowall: WAN: 192.168.10.0/24 LAN: 192.168.1.0

I want to ping from
172.30.10.0/24 --> 192.168.1.0/24
What kind of static routes do I need to set?

On the fortigate I created:
Destination: 192.168.1.0/24 GW: 192.168.10.4 Interface: DMZ

When I do a traceroute from the Internal Net it jumps to 192.168.10.4 (WAN of Monowall) but is stuck there. What do I need to configure to make my monowall forward the Request from the private Net to the LAN Clients?

Thank you very much for your help
« Last Edit: February 20, 2009, 18:54:26 by swiss_morpheus »
« Reply #7 on: July 19, 2013, 21:56:42 »
Masterofrpm *
Posts: 6

This person probably won't get this response since it's been so long, but for everyone else that might have this situation, I have the solution. The reason he was unable to ping from the 172... network was because the default gateway THAT network was using didn't have a static route telling the gateway where the 192.... network was and where to send clients wanting to access it. Solution is to log into the default gateway router for the 172... network and add a static route for the 192... network with the monowall WAN port and the gateway. Hope this helps anyone out there.
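
The route lookup that Reply #7 describes, traced hop by hop with the thread's subnets, as an added example that is not part of the thread. The routing tables are constructed: the router names, the Fortigate's default route with its placeholder gateway 203.0.113.1, and 192.168.10.1 as the monowall's default gateway are assumptions. Only routing is modeled, so a delivered trace says nothing about firewall rules or NAT on either box.

```python
import ipaddress

# Constructed tables built from the thread's subnets. Router names, the wan1
# default route and its 203.0.113.1 gateway (documentation range) are assumed.
FORTIGATE = [
    ("172.30.10.0/24", None, "LAN"),       # directly connected
    ("192.168.10.0/24", None, "DMZ"),      # directly connected
    ("0.0.0.0/0", "203.0.113.1", "wan1"),  # default route, placeholder gateway
]
STATIC = ("192.168.1.0/24", "192.168.10.4", "DMZ")  # the route from Reply #6
MONOWALL = [
    ("192.168.10.0/24", None, "WAN"),
    ("192.168.1.0/24", None, "LAN"),
    ("0.0.0.0/0", "192.168.10.1", "WAN"),  # assumed default gateway
]
OWNER = {"192.168.10.4": "monowall", "192.168.10.1": "fortigate"}


def lookup(table, dst):
    """Longest-prefix match; returns (prefix, gateway, interface) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def trace(routers, start, dst, max_hops=8):
    """Follow dst from router to router; returns (hops, outcome)."""
    hops, name = [], start
    for _ in range(max_hops):
        route = lookup(routers[name], dst)
        if route is None:
            return hops, "no route on " + name
        prefix, gateway, iface = route
        hops.append((name, prefix, iface))
        if gateway is None:  # connected network: last hop
            return hops, "delivered on %s %s" % (name, iface)
        if gateway not in OWNER:  # next hop is outside the modeled routers
            return hops, "leaves via %s toward %s" % (iface, gateway)
        name = OWNER[gateway]
    return hops, "routing loop"


if __name__ == "__main__":
    for label, table in (("no static route", FORTIGATE), ("static route", FORTIGATE + [STATIC])):
        routers = {"fortigate": table, "monowall": MONOWALL}
        print(label, trace(routers, "fortigate", "192.168.1.200"))
    print("reply path", trace(routers, "monowall", "172.30.10.50"))
```
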