Printers, NAS and other devices on different LANs on the same FortiGate

I started this thread on the network engineering Q&A site.

I have now found the answer to it as well. It’s a weird situation.

I had opened a ticket with Fortinet’s TAC for the printer query which I have posted, and he just enabled NAT on the Wi-Fi interface to which the printer is connected, and the issue was resolved.

After this, with another client of mine, I faced the same situation, this time with a NAS storage device. And voilà, I had to enable NAT on the interface to which the NAS box was connected.

For some reason, devices such as printers and NAS boxes don’t seem to respond to communication from another subnet on the same FortiGate, and NAT solves the problem.

The same setup works fine with a PC in place of the printer.

UPDATE – 5th Feb 2016

One of those light bulb moments! The printers and NAS devices probably were NOT configured with a default gateway, so they had no default route for packets whose destination IP address was not on a directly connected network. They had no route to any network other than the one they were directly plugged into!

Hence, when NAT was enabled, the FortiGate replaced the source IP from the other subnet with its own interface IP, and the printers could reply to that directly connected address.

The PCs, on the other hand, configured with a little more care, had a default gateway and hence would send all packets for unknown IP addresses to their default gateway.
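The routing decision described in the update can be modelled in a few lines. This is an added example, not part of the original post; the addresses, the `next_hop` and `reply_path` helpers and the scenario names are all constructed for illustration.

```python
import ipaddress

def next_hop(host_if, gateway, dst):
    """Where a host sends a packet for dst: the destination itself if it is
    on-link, else the default gateway, else None (no route, packet dropped)."""
    iface = ipaddress.ip_interface(host_if)
    dst = ipaddress.ip_address(dst)
    if dst in iface.network:
        return str(dst)   # directly connected: resolve via ARP and send
    return gateway        # off-link: only reachable through a default gateway

def reply_path(host_if, gateway, client_ip, fw_ip, snat):
    """Model one request from client_ip crossing the firewall to the host.
    With source NAT the host sees the firewall's interface IP as the source."""
    seen_src = fw_ip if snat else client_ip
    hop = next_hop(host_if, gateway, seen_src)
    return {"seen_src": seen_src, "next_hop": hop,
            "reply_delivered": hop is not None}

# Constructed addressing (assumptions, not taken from the post)
PRINTER = "192.168.20.50/24"   # printer on the Wi-Fi LAN
FW_WIFI = "192.168.20.1"       # firewall's interface IP on that LAN
CLIENT = "192.168.10.25"       # PC on the other LAN

def scenarios():
    return {
        # No gateway on the printer, no NAT: the reply has nowhere to go
        "no_gw_no_nat": reply_path(PRINTER, None, CLIENT, FW_WIFI, snat=False),
        # No gateway, NAT enabled: the source is now on-link, the reply works
        "no_gw_nat": reply_path(PRINTER, None, CLIENT, FW_WIFI, snat=True),
        # Gateway configured, no NAT: the reply is routed via the firewall
        "gw_no_nat": reply_path(PRINTER, FW_WIFI, CLIENT, FW_WIFI, snat=False),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14} {result}")
```

In the NAT case the device sees every cross-subnet client as the firewall's interface IP, so its own access logs and source-based restrictions no longer distinguish clients; setting the default gateway on the device keeps the real source address visible.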