Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sferreira
Staff
Staff

Created on ‎05-05-2017 03:39 PM

Technical Note: Hairpin NAT VPN configuration example

Description
This article provides an example of the configuration needed for Hairpin NAT when the private IP being accessed through a Public IP is on a LAN on the other side of a VPN.

Scope




Solution
config firewall vip
     edit "VIP"
         set extip 190.109.171.189
         set extinf "wan1"
         set mappedip 172.20.0.8
    next 

config firewall policy
    edit 1
           set srcintf  "wan1"
           set dstintf  "vpn_azure"
           set dstaddr  "VIP"
           set action accept
           set schedule "always"
           set service "ALL"
      next
end

config firewall policy
    edit 2
           set srcintf  "internal"
           set dstintf  "wan1"
           set srcaddr  "all"
           set dstaddr  "all"
           set action accept
           set schedule "always"
           set service "ALL"
           set nat enable
      next
end

4016
0 Kudos
Contributors

Contact Us