orbiter2001
New Member
May 15, 2020
Question

DMZ with public subnet not working from wan


I'm giving the FortiGate 60F a try, but I'm stuck with the DMZ configuration.

I have a subnet of public IP addresses configured on the DMZ interface, and I have connected my web server to this DMZ. I have also configured some Virtual IPs for devices which are located in the internal network and need port forwarding.

Now I'm trying to access all this from WAN and the web server is not working. The Virtual IPs are working, so I think my problem is maybe NAT, but I have switched off NAT.

From the internal network I have access to the web server.

Is there another system configuration which I missed?

    1 reply

    TheJaeene
    New Member
    May 15, 2020

    Hi Orbiter,

    Could you please tell us if you split the public subnet you have between WAN and DMZ?

    To fully understand the issue we need the addresses (could be obfuscated, of course).

    Most of the time you bind the public IPs on the WAN IF and then you DNAT them via VIP to the respective (private) address in the DMZ.

    If you have a separate public subnet on your DMZ IF, the provider needs to route that traffic to one of the WAN interface's IPs.

    Sounds like that may be your problem.

    orbiter2001
    New Member
    May 15, 2020

    Thanks for your answer.

    WAN1
    IP Address: xx.174.184.62/29
    Gateway: xx.174.184.57

    DMZ
    IP Address: xx.174.189.33/29

    The DMZ subnet xx.174.189.32/29 is fully routed to the WAN1 IP address.

    I also tried to access the web server in the DMZ with a computer in the WAN1 network; this is not working. The gateway of the computer was set to the WAN1 IP address of the FortiGate. So if the routing of the public subnet from the provider would be wrong, then I should be able to access the web server in this scenario.