From ISP I have:
Subnet 1 with IP .206/30.
Subnet 2 with IP .216/30
Subnet .216/30 is routed to subnet .206/30 by ISP.
Behind the FGT, connected to DMZ, is a PBX with IP .218. DMZ is configured with IP .217.
PBX is configured with DMZ as GW. In FGT I have VIP with IP .218 and FW rule without NAT.
I can ping .217 from outside, but .218 is not responding. When I look at traffic in FGT I can see traffic with dst for .218, but no response.
Any ideas why this is not working?
Q: how many hosts can you address in a /30 network?
A: only 2. 3rd address is network, 4th is broadcast.
With a given /30 you cannot use more than 2 addresses.
Yes, the (PBX) subnet consists of GW (FGT DMZ) .217 and PBX .218.
That shouldn't be a problem.
Some screenshots of config: https://imgur.com/a/jVz1O
Edit: [strike]for troubleshooting purposes I tried connecting a PC to DMZ with .218 as IP. PC was unable to ping GW .217 and sniffing did not show any traffic.[/strike]
I am now able to ping both from firewall to PBX and vice versa.
So your PBX has .218/30 public IP. Why do you need the VIP? It's just routing to direct & policy to allow.
Never mind. It turned out to be some previous troubleshooting config creating problems. I got it working now.