Skip to main content
Everstay
Everstay
New Member
March 12, 2024
Question

Fortinet VPN/DMZ - local website accessible from outside of network

  • March 12, 2024
  • 1 reply
  • 6829 views

Hello,

 

Im unsure how to properly word my question so bare with me.

 

We're currently running Fortigate as our firewall and vpn to which we connect from outside of our network to work remotely when needed. We're also in process of implementing an employee web panel, which needs to be accessible from outside of our network.

 

Im new to fortinet and unsure how to properly set it up. We have a public ip that we use for vpn connections, and I'd like to use that ip address to redirect web traffic from specific port to local ip

 

Example:

local web panel address: 10.1.2.63 (running default on port 8080 (this will be changed at later date - lets use this as example though)

public vpn ip address (not actual, just random for example purposes): 83.0.109.50.

 

Now, what do i need to do to be able to use 83.0.109.50:8080 outside of my network to access that web panel (83.0.109.50:8080 will point to 10.1.2.63 locally)

 

Please feel free to ask any questions for information i might've missed.

Many thanks for your assistance!

 

 

1 reply

ozkanaltas
ozkanaltas
Valued Contributor III
March 12, 2024

Hello @Everstay ,

 

You can use VIP (dnat) for your request. You can review these links for how to create VIP object on Fortigate. 

 

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/155333/virtual-ips-with-port-forwarding

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configuration/ta-p/198143

 

 

    Everstay
    EverstayAuthor
    New Member
    March 12, 2024

    Hey! Many thanks for your reply. Im getting an error unfortunately

    "

    • The extip is overlapped with the gateway of static route.
    • Object check operator error, -5, discard the setting."

    I've gathered its because of the external ip address - i dont have any virtual ips defined - this will be the first one, and the external ip im using is also used for vpn connections - is that a problem?

    ozkanaltas
    ozkanaltas
    Valued Contributor III
    March 12, 2024

    Hello @Everstay ,

     

    If you use a different than ssl-vpn port for your web server, there will be no problem.

     

    For example, if you use 443 for ssl-vpn. You can use 8080 or 8443 for a web server.

     

    But the interesting thing is this "The extip is overlapped with the gateway of static route.". Which IP address did you try to configure VIP? Your public IP address or your gateway address?

      Terms & ConditionsAccessibility statement