G3n0c1de
New Member
September 17, 2015
Question

[SOLVED] No Traffic to VIPs routing to Exchange server


My office recently had to switch to a wireless modem with a single public IP address. I never configured the old modem, so I'm fairly inexperienced with Fortinet's systems.

The router we're using is a FortiWifi 50B, running FortiOS 3.0. The firmware version is FortiWiFi-50B 3.00-b0668(MR6 Patch 2). Yes, it's old.

The router connects our private office network to the internet. On our network is an Exchange server to handle our email. The email is handled by several VIP rules which route the traffic to different ports on the Exchange server.

For whatever reason, outbound email works, but I'm monitoring the VIPs and no traffic is hitting them.

I'm pretty sure it's an IP issue within the VIP configuration. Currently for the external IP I have it set to the public IP address given by the modem. I have also tried the internal IP address of the modem from which the router gets its connection.

I only have one IP to give to the VIPs, and in the past I think there was a separate static IP that handled the emails. Is using only one IP for both the network and the VIPs causing a conflict?

EDIT: I got it to work. It turns out that it was a port forwarding issue. Our modem didn't allow traffic through the ports the VIPs needed by default. I also had to change the IPs that the VIPs were looking for to be the IP of the modem.

    4 replies

    gschmitt
    New Member
    September 17, 2015

    Uhm quick question... did you change the MX/A/PTR Records for your mailserver?

    Ali_FCNSP
    New Member
    September 17, 2015

    Is the public IP on the FortiGate itself or on the ISP router?

    G3n0c1de
    Author
    New Member
    September 17, 2015

    @gschmitt: I changed those records to point to our new public IP address.

    @Aliakber_kuwait: The public IP is coming from the modem, I believe. The Fortinet router is connected to the modem on WAN1 in DHCP mode. So perhaps I need to set the VIPs to handle traffic from the modem IP?

    gschmitt
    New Member
    September 18, 2015

    G3n0c1de wrote:

    @Aliakber_kuwait: The public IP is coming from the modem, I believe. The Fortinet router is connected to the modem on WAN1 in DHCP mode. So perhaps I need to set the VIPs to handle traffic from the modem IP?

    You marked your question as solved, but from the replies it doesn't look like it is.

    It depends on your modem. If you can set the modem to "passthrough" or "dmz" mode (without NAT), you don't need to change your VIP object.

    G3n0c1de
    Author
    New Member
    September 18, 2015

    I edited the main post with how I solved it.

    And I wanted to get IP passthrough working, but for whatever reason it couldn't work.

    Ali_FCNSP
    New Member
    February 14, 2016

    What I use to do is: if you have a public IP on your modem/router, make the default DMZ server address your firewall WAN interface, so that all traffic for that public IP will reach the Fortinet firewall, and then you could make the VIP and policy with the FortiGate WAN IP (not the public IP).

    Find attached snaps
