Description
This article describes how to stop the private IP address of an internal network from being visible on the internet through a VIP object.
Scope
FortiOS.
Solution
This can happen when an application server within the internal network needs to serve users on the internet, which requires mapping the internal private IP address to a public IP address with a VIP.
Conditions under which this can happen:
How to check if the internal IP address is visible on the Internet:
The internal IP address can be seen on Censys Search.
Go to https://search.censys.io/ and enter the public IP address (external IP under VIP configuration on FortiGate). Under 'HTTP 8015/TCP', find TLS > Certificate. Check to see if the internal private IP is visible.
Alternatively, check by entering https://x.x.x.x:8015 in the browser (where x.x.x.x is the public IP address) and then select the certificate details to see if 'Certificate Subject Alternative Name' reveals the private IP.
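The same certificate check can be scripted. The following is an added example, not part of the original article or Fortinet tooling: it scans Subject Alternative Name text, in the form printed by `openssl x509 -noout -ext subjectAltName`, for RFC 1918 addresses. The function names and the sample certificate text are constructed for illustration.

```python
import ipaddress

# RFC 1918 private IPv4 ranges: the addresses that should never appear
# in a certificate presented on the public side of a VIP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(value):
    """Return True if value is an IPv4 literal inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        return False  # hostname or malformed entry, not an IP literal
    return addr.version == 4 and any(addr in net for net in RFC1918)

def private_ips_in_san(san_text):
    """Parse openssl-style SAN text and return (type, value) pairs that
    expose a private IP. DNS entries are checked too, because an IP
    literal is sometimes placed in a DNS-type SAN."""
    findings = []
    for line in san_text.splitlines():
        if "Subject Alternative Name" in line:
            continue  # skip the extension header line
        for entry in line.split(","):
            kind, sep, value = entry.strip().partition(":")
            if not sep:
                continue  # blank or unparseable fragment
            kind, value = kind.strip(), value.strip()
            if kind in ("IP Address", "DNS") and is_rfc1918(value):
                findings.append((kind, value))
    return findings

# Constructed sample: SAN text as openssl would print it for a
# certificate served on the VIP's external address.
SAMPLE_SAN = """X509v3 Subject Alternative Name:
    DNS:app.example.com, IP Address:203.0.113.10, IP Address:10.10.20.5, DNS:192.168.1.50
"""

if __name__ == "__main__":
    for kind, value in private_ips_in_san(SAMPLE_SAN):
        print(f"private address exposed in SAN ({kind}): {value}")
```
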
How to fix:
config firewall ssl-ssh-profile