Fortigate behaviour when refering to VIPs

Question

Hi all,I have a mail server in the DMZ network configured with a PUBLIC facing VIP.e.g. 203.10.10.10 (vip) -->  192.168.10.10 (email server actual ip) Right now,1) my appservers in the same DMZ network2) my workstations in the LAN networkare sending traffic / referencing the mail server via its. public VIP.(and I am not able to change them) In my firewall policy, q1) for my appserver to mailserver (both in DMZ), do I createDMZ (appserver) -> WAN (mailserver vip) orDMZ (appserver) > DMZ (mailserver actual ip) q2) for my workstation to mail server, do I createLAN (workstation) -> WAN (mailserver vip) orLAN (workstation) > DMZ (mailserver actual ip) q3) when the FIREWALL see a connection from its connected network to its VIP mapping,  does it automatically resolve it to the actual IP and direct traffic to the right interface directly ?

Somashekara_Hanumant · Answer

Hi,

If I understand your requirement, you would like to access mailserver VIP public IP from internal network, if yes kindly refer the below KB article.

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31844&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=104169388&stateId=0%200%20104167763

Please do let me know the status.

Regards,

Somu

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded