Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
londonnet
New Contributor III

Fortios 5.4 Carrier Grade NAT webserver

Hi I have a webserver in a DMZ area which is accessed via a VIP and accompanying IPv4 rule.

 

The Wan interface has a Carrier grade NAT address with a one 2 one NAT to a public IPv4 address at my ISP.

 

From the public internet I am able to access my web server just fine. However from my internal network I am not able to resolve the external pubic address to the wan address.

 

If I create a static dns entry in my host file and point the domain name at the wan address I can reach the website fine.

 

So I deduce that my ISP is not forwarding my request back to my wan address or I suspect my forties firewall has no knowledge it is also the public IP address.

 

What's the answer here?

A static route of some kind?

A second IP address on the Wan interface?

Or maybe there is a feature I need to turn on so the firewall knows it is also the public address?

 

Any assistance will be appreciated.

 

Thanks

0 REPLIES 0