Fortinet Forum
Shagma
New Contributor

Route to public IP in DMZ

Hi!

 

From ISP I have:

Subnet 1 with IP .206/30.

Subnet 2 with IP .216/30

 

Subnet .216/30 is routed to subnet .206/30 by ISP.

 

Behind the FGT, connected to DMZ, is a PBX with IP .218. DMZ is configured with IP .217.

PBX is configured with DMZ as GW. In FGT I have VIP with IP .218 and FW rule without NAT.

 

I can ping .217 from outside, but .218 is not responding. When I look at traffic in FGT I can see traffic with dst for .218, but no response.

Any ideas why this is not working?

ede_pfau
Esteemed Contributor III

hi,

 

Q: how many hosts can you address in a /30 network?

A: only 2. 3rd address is network, 4th is broadcast.

 

With a given /30 you cannot use more than 2 addresses.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Shagma

Hi!

Yes, the (PBX) subnet consists of GW (FGT DMZ) .217 and PBX .218.

That shouldn't be a problem.

 

Some screenshots of config: https://imgur.com/a/jVz1O

 

Edit: [strike]For troubleshooting purposes I tried connecting a PC to DMZ with .218 as IP. PC was unable to ping GW .217 and sniffing did not show any traffic.[/strike]

I am now able to ping both from firewall to PBX and vice versa.

Toshi_Esumi
Esteemed Contributor II

So your PBX has .218/30 public IP. Why do you need the VIP? It's just routing to direct & policy to allow. 

Shagma
New Contributor

Never mind. It turned out to be some previous troubleshooting config creating problems. I got it working now.