Not applicable

Accessing Virtual IP from internal LAN

I have created a "Virtual IP", mapping an external IP on WAN1 to an internal IP. I then made a policy to allow HTTP from WAN1 to INTERNAL. I can access the HTTP server from the internet, so it works. But when I try to access the server using the external IP from my LAN/INTERNAL, I can't reach it. This worked OK before. But now I have to use the internal IP to reach the server from our LAN. Any idea how I can make this work again?
Not applicable

Still have problems with this. Anyone? The problem is that the computers on the INTERNAL interface can't access any of the servers using "Virtual IP". The servers with Virtual IP are accessible from the internet, but not from our LAN, when using the Virtual IP.
Not applicable

Strange behaviour. I have the same rule for FTP and I can access it without problems. I must say it is more logical to access an internal destination through... an internal source, but if you absolutely want to do it this way, I can suggest you try to recreate the rule and clear the session table before testing it.
Not applicable

One of the reasons I have to make this work is that we cannot access our company webpage from our LAN. www.xxxxxxxx.com is resolved to the external IP of the webserver, and that IP is not accessible from our internal network. Sure, I could ask employees and customers on visit to access the internal IP of our webserver in order to use the company web services, but that's just too awkward to explain. I've recreated all routes. What do you mean, clear session table?
Not applicable

Hi, the clear command is implemented on the CLI: "diag sys session clear". This will delete all the TCP/UDP/ICMP sessions on your box. Good if you try to test something and at the same time you change a rule or something else. Instead of accessing the web server through the private IP, you could add a DNS entry on your LAN if you have an internal DNS and don't use only an external one. Try to give another public to the source and make your test. Does the problem appear on all the clients? Do you perhaps have a static DNS entry in the local hosts table? Bye
Not applicable

It's the same problem with all 15-20 servers running all kinds of services. VPN, Terminalserver, FTP, web, etc. And the problem occurs on all clients, regardless of whether they're connected to INTERNAL or DMZ2 (our WLAN). I can't change the IP on all client applications on all the laptops in our company every time they enter/leave the building. Tried to get help from support, but they don't seem to understand why we have to access the servers with the external IP from our LAN... It worked OK before, when we only had WAN1 in use. Maybe it's just not possible to access Virtual IPs when running both WAN1 and WAN2? Anyone tried this?
Not applicable

I found the solution! The error occurs when I add a Policy Route that involves INTERNAL. So if I make a policy route that points the traffic from internal to WAN2, Virtual IP does not work anymore! The solution is to add a policy BEFORE the policy above:

internal internal 0.0.0.0/0.0.0.0 192.168.0.0/255.255.255.0

This will make all traffic that "Virtual IP has resolved from an official IP to an internal IP" go back to the INTERNAL interface. It seems like Fortigate completely loses track of the subnets on all interfaces when you add ONE policy route that involves the traffic. Help from Fortinet has been useless. This should be a simple support case!
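
Added example, not part of the original thread and not Fortinet code: a simplified Python model of why the order of the two policy routes described above matters. It assumes VIP destination NAT is applied before the route lookup and that policy routes are matched top-down with first match winning; the client, server and external addresses and the `wan1` default are constructed, only the 192.168.0.0/24 subnet comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses: the thread only gives the internal subnet 192.168.0.0/24.
VIPS = {"203.0.113.10": "192.168.0.10"}     # external IP -> internal server (VIP)
CONNECTED = {"internal": "192.168.0.0/24"}  # directly connected subnets
DEFAULT_OUT = "wan1"                        # assumed default route

@dataclass
class PolicyRoute:
    in_if: str
    src: str
    dst: str
    out_if: str

def route(in_if, src, dst, policy_routes):
    """Return (translated_dst, egress_interface) for one new session."""
    # Assumption: VIP destination NAT happens before any route lookup.
    dst = VIPS.get(dst, dst)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Assumption: policy routes are checked top-down, first match wins,
    # and they take precedence over the normal routing table.
    for pr in policy_routes:
        if (pr.in_if == in_if and s in ipaddress.ip_network(pr.src)
                and d in ipaddress.ip_network(pr.dst)):
            return dst, pr.out_if
    for ifname, net in CONNECTED.items():
        if d in ipaddress.ip_network(net):
            return dst, ifname
    return dst, DEFAULT_OUT

# The route that broke VIP access, and the more specific route from the fix.
to_wan2 = PolicyRoute("internal", "0.0.0.0/0", "0.0.0.0/0", "wan2")
keep_local = PolicyRoute("internal", "0.0.0.0/0", "192.168.0.0/24", "internal")

def scenarios(client="192.168.0.50", vip="203.0.113.10"):
    return {
        "no policy route": route("internal", client, vip, []),
        "wan2 route only": route("internal", client, vip, [to_wan2]),
        "fix placed first": route("internal", client, vip, [keep_local, to_wan2]),
        "fix placed last": route("internal", client, vip, [to_wan2, keep_local]),
    }

if __name__ == "__main__":
    for name, (dst, out_if) in scenarios().items():
        print(f"{name:18} -> dst {dst} leaves via {out_if}")
```

In this model the translated destination 192.168.0.10 is swallowed by the catch-all WAN2 route unless the internal-to-internal route sits above it, which matches the behaviour reported in the last post.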