I was doing some investigation on a FGT110C into why allowaccess is broken. The device is out of contract and runs the 4.3.18 build. Check this out:
Port2 is configured with a secondary address only:
FGT110C # show sys interface port2
config system interface
set vdom "root"
set type physical
set secondary-IP enable
set ip 22.214.171.124 255.255.255.252
set allowaccess ping ssh
We can ping out of this interface with no problems.
But inbound ping and SSH access are broken. Take a look at this diagnostic flow for ICMP and SSH:
FGT110C # get sys status | grep Vers
Version: Fortigate-110C v4.0,build0689,140731 (MR3 Patch 18)
Release Version Information: MR3 Patch 18
So I tried the same setup under FortiOS 5.2.2 running on a FGT60D:
Interesting, so it seems like a problem in 4.3.18.
NSE (Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com