
ReinOter
New Contributor

Communicate two hosts on the same VLAN, on the same firewall, between INTERNET

Hello everybody,

Actually I need two hosts on the same VLAN, connected to the same firewall interface, to communicate through their public IPs.

host 1: 192.168.0.1/24
host 2: 192.168.0.2/24
GW for both: 192.168.0.10


gateway/firewall interface: 192.168.0.10/24

public ip-host1:5.5.5.5
public ip-host2:6.6.6.6

I need host1 to communicate with 6.6.6.6 and host2 to communicate with 5.5.5.5, without using their private IPs.

How can this be possible, with everything connected to the same FortiGate?

3 REPLIES
KenMick
Staff

This seems rather unusual but you should be able to accomplish your goal with virtual IPs.

1. Ensure you have 5.5.5.5 and 6.6.6.6 bound to a WAN interface
2. Create a virtual IP for each public IP to private IP
3. Create a firewall policy allowing traffic. Make sure you select your virtual IP objects for the destination.



------------------------------
Ken
------------------------------
ReinOter

Hi Ken,

About 2 and 3 I'm OK, but what do you mean by bound to a WAN interface?

Thanks,
aagrafi1
New Contributor III

Hello,

If I understood your question correctly, you want to implement hairpin NAT. Please have a look at this article, as I think this is what you are looking for: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-Hairpin-NAT-VIP/ta-p/195448

Regards
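
The hairpin NAT setup discussed in this thread, sketched as FortiOS CLI using the addresses from the question. This is an added example, not part of any poster's reply and not taken from the linked article; the interface name `internal` and all object and policy names are assumptions, and it presumes 5.5.5.5 and 6.6.6.6 are already routed to the FortiGate.

```fortios
# Address object for the shared LAN, so the policy is not open to "all".
config firewall address
    edit "lan-192.168.0.0"
        set subnet 192.168.0.0 255.255.255.0
    next
end

# One VIP per host: public (external) IP -> private (mapped) IP.
# extintf "any" lets the VIP match traffic arriving on the LAN interface,
# not only traffic arriving from the Internet side.
config firewall vip
    edit "vip-host1"
        set extintf "any"
        set extip 5.5.5.5
        set mappedip "192.168.0.1"
    next
    edit "vip-host2"
        set extintf "any"
        set extip 6.6.6.6
        set mappedip "192.168.0.2"
    next
end

# Hairpin policy: traffic enters and leaves on the same interface.
# Assumption: the LAN interface is named "internal".
config firewall policy
    edit 0
        set name "hairpin-lan-to-vips"
        set srcintf "internal"
        set dstintf "internal"
        set srcaddr "lan-192.168.0.0"
        set dstaddr "vip-host1" "vip-host2"
        set action accept
        set schedule "always"
        # Narrow this to the services the two hosts actually need.
        set service "ALL"
        # Source NAT is required here: both hosts sit in 192.168.0.0/24, so
        # without it host 2 would reply straight to 192.168.0.1 on the LAN
        # and host 1 would discard the reply because it expects 6.6.6.6.
        set nat enable
    next
end
```

With `set nat enable`, the destination host sees the connection as coming from the firewall interface address (192.168.0.10), so its logs will not show the real peer for hairpinned sessions; the FortiGate's own traffic log is where the original source is recorded.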
