FortiS_T
New Member
April 23, 2018
Solved

Access VIP from internal interface

Hi!

I have a FortiGate 100E with an architecture like in this diagram:

I have a VIP that makes SNAT from WAN1 (1.1.1.1) to server 10.0.0.1, and it's working well from WAN.

The guest network is configured to go out via the WAN2 interface, and I need to allow guest users to access the server with the VIP address (1.1.1.1).

I tried to create a policy to allow connections from the guest network to the LAN network via the VIP in destination, and nothing. I think there is a routing issue, but I really don't know what.

Please help,

Thanks!

Best answer by Sudarsan_Babu

1 reply

Sudarsan_Babu
New Member
April 23, 2018

Hello,

1. Check that routing distance and priority are the same.

2. Check that the guest network is routed through 10.0.0.0/24.


rwdorman
New Member
April 24, 2018

I've done this for internal networks accessing VIPs by doing an Internal -> Internal policy. I would do a diag debug flow to check how routing and NAT are being applied.

rwpatterson
New Member
April 24, 2018

Create a policy from WANx to internal, but make the source the INTERNAL subnet and the destination the Virtual IP, no NAT. See if that works. (Are you sure it is a source NAT? Virtual IP is a destination NAT.) Years ago I had to 'hack' the infrastructure to do just this.
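
The two suggestions above (rwpatterson's WAN-to-internal policy and rwdorman's debug flow check) written out as FortiOS CLI. This is an added example, not part of the original thread. The interface names `wan1` and `lan`, the address object `GUEST_SUBNET`, the VIP object `VIP_SERVER` and the policy name are placeholders assumed for illustration, as is using the guest subnet as the source for this poster's case. The `#` lines are annotations only and are not meant to be pasted into the CLI.

```fortios
# --- Hairpin policy as described by rwpatterson (placeholder names) ---
# Source interface is the WAN port that owns the VIP (assumed wan1),
# source address is the inside subnet that needs to reach the VIP
# (assumed here: the guest subnet), destination is the VIP object,
# and NAT is left off.
config firewall policy
    edit 0
        set name "guest-to-vip-hairpin"
        set srcintf "wan1"
        set dstintf "lan"
        set srcaddr "GUEST_SUBNET"
        set dstaddr "VIP_SERVER"
        set action accept
        set schedule "always"
        # "ALL" is only a stand-in; restrict this to the service the
        # server actually publishes once the flow is confirmed.
        set service "ALL"
        set nat disable
    next
end

# --- Debug flow as suggested by rwdorman ---
# Trace packets to or from the VIP address to see which route,
# which policy ID and which NAT translation the FortiGate applies.
diagnose debug reset
diagnose debug flow filter addr 1.1.1.1
diagnose debug flow trace start 20
diagnose debug enable

# Generate traffic from a guest client to 1.1.1.1 now, then read the
# trace for the matched policy, the DNAT to 10.0.0.1 and the egress
# interface chosen by the routing lookup.

# --- Turn tracing off again when finished ---
diagnose debug disable
diagnose debug flow trace stop
diagnose debug reset
```

If the trace shows the packet leaving via WAN2 or being denied by the implicit policy, the routing and policy placement are the parts to revisit before changing the VIP itself.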