01-02-2021 03:59 PM
Hello everyone,
I am currently using a Cisco ASA and migrating to a FortiGate 601E. The operation is pretty basic. We're taking the LAN port coming from my Extreme core switch X460G2-24t-10G4 and the internet port from the ASA and moving them to the FortiGate 601E LAN and internet ports. The policies are set up. The X460G2-24t-10G4 Extreme core switch is doing all the existing routing. I have validated that the default route from the core switch goes to 172.23.145.254.
If I put a laptop into the FortiGate port 2 (LAN port) and configure the NIC with the following configuration, it works fine.
Laptop IP 172.23.145.250
Subnet: 255.255.254.0
GW: 172.23.145.254
DNS: 8.8.8.8
If I put the LAN and WAN ports back into the ASA, it works fine.
What am I missing?
Could it be that I need to clear the ARP from the X460G2-24t-10G4 Extreme switch? If so, what are the commands I would issue to properly clear the ARP table on this L3 switch?
Thanks in advance
01-02-2021 06:24 PM
Normally, this should not have anything to do with the ARP entry.
If you disconnect the LAN cable on the ASA, you get a link down on the EXOS switch. This clears the FDB entry for that port and also the corresponding ARP entry.
You can also check the FDB and ARP entries on the EXOS switch after you have changed from the ASA to the FortiGate.
Based on your description, I think you have no routes for the client IP nets on your FortiGate.
What did you check during troubleshooting? Did you ping from a client (connected to the core) to the FortiGate, or did you ping directly from the core to the FortiGate?
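The checks the reply above suggests, written out as an added example (not commands posted by either participant). The only address the thread gives is the core switch's default gateway 172.23.145.254, which is assumed here to be the FortiGate's port2 address. The core switch's own address on that VLAN (172.23.145.1), the internal client network (10.0.0.0/16) and the route sequence number are assumptions chosen for illustration; substitute your real values.

```console
# --- Extreme EXOS core switch: confirm the FDB/ARP entries now point at the FortiGate ---
# FDB (MAC table) entry for the gateway MAC should show the port the FortiGate is plugged into
show fdb
# ARP entry for 172.23.145.254 should carry the FortiGate's MAC, not the ASA's
show iparp 172.23.145.254
# Only if a stale ASA MAC is still cached, flush ARP (and optionally the FDB); a link flap normally does this
clear iparp
clear fdb
# Confirm the default route still points at the FortiGate and that the switch itself can reach it
show iproute
ping 172.23.145.254

# --- FortiGate 601E CLI: check what the firewall knows about the internal networks ---
# A laptop on 172.23.144.0/23 works because that subnet is directly connected to port2.
# Clients on other VLANs behind the core reach the FortiGate (the core routes to it), but the
# FortiGate has no route back to their source subnet, so replies are dropped. Look for the
# client subnets here; if only 172.23.144.0/23 and the default route appear, that is the gap.
get router info routing-table all
# Add a static route for each internal client network via the core switch's VLAN address (assumed 172.23.145.1)
config router static
    edit 10
        set dst 10.0.0.0 255.255.0.0
        set gateway 172.23.145.1
        set device port2
    next
end
# Verify: ping an internal client from the FortiGate, and watch the return traffic on port2
execute ping 10.0.0.10
diagnose sniffer packet port2 'icmp' 4
```

The useful test is the one the reply asks about: ping from a client behind the core, not from the core switch itself. The core's ping sources from its 172.23.145.x interface, which is on the connected subnet and will succeed even when the routes for the client VLANs are missing.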