VIP for CCTV access

Forum|Forum|9 years ago
April 19, 2017
1 reply
7426 views

Dear team,

I want to configure VIP for CCTV so that i can access it from outside. My firewall WAN 1 IP is 192.168.0.9 (DHCP) which takes from ISP modem as between ISP - firewall there is ISP modem. On ISP mode my public IP is 27.4.198.161. ISP modem gives private IP to firewall. My internal LAN IP is 192.168.1.0/24. CCTV IP is 192.168.1.180. VIP created 27.4.198.161=192.168.1.180 then policy created. But i found it wasn't working. I am also unable to ping 27.4.198.161.

Please guide me what i need to do.

PFA of diagram

Altamash

8291293854

MikePruett

New Member

The best thing (from a troubleshooting and just simplicity stand point) would be to get the ISP to place the modem in bridge mode. This way, your FortiGate would get the external IP. From there you can just create a VIP and assign the proper ports or IPs to the internal address space for the CCTV.

ansari_altamashAuthor

New Member

Thanks for it ... Any route neede on ISP modem... Or any other way to configure

ede_pfau

SuperUser

As @MikePruett has posted: the modem gets the public IP address, not your FGT. The VIP won't work as the WAN port of the FGT will never see traffic with destination = public IP.

You have to change the modem config:

- either switch it into bridge mode and put the credential (username+pwd) onto the FGT or

- configure an "exposed host" (a.k.a. port forwarding) on the modem so that all traffic to the public address gets redirected to the FGT. Then use a VIP configured like you already did.

These are your options.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded