DescriptionThis article provides an example of the configuration needed for Hairpin NAT when the private IP being accessed through a Public IP is on a LAN on the other side of a VPN.
ScopeSolutionconfig firewall vip
edit "VIP"
set extip 190.109.171.189
set extinf "wan1"
set mappedip 172.20.0.8
next
config firewall policy
edit 1
set srcintf "wan1"
set dstintf "vpn_azure"
set dstaddr "VIP"
set action accept
set schedule "always"
set service "ALL"
next
end
config firewall policy
edit 2
set srcintf "internal"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set nat enable
next
end