Hair-pinning VIP - from DMZ to LAN

Forum|Forum|8 years ago
April 10, 2018
1 reply
4677 views

Hello,

one thread closed, next opened ;)

We're trying to hair-pinning some internal Server, which are in the DMZ and accessed from the LAN over the VIP-IP.

Unfortunately, the official cookbook guide from fortinet couldn't help me.

Which rules I have to set in the fortigate for this doing?

5.6

dmcquade

New Member

How is you VIP setup? If you leave the interface set to ANY, you do not need hair-pinning. The VIP address will be available from both the public facing and internal interfaces. You can then create a rule allowing internal addresses sourced from the internal port to the destination VIP on the DMZ interface.

HTH

d

nintoxAuthor

New Member

Thanks for your help!

Hey, I fixed it. For this you need a Policy Route and in this policy you have to stop all policys from dmz to lan. Button is "Stop policy routing"

Now i can connect to a forwarded lan server port from dmz

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded