I have a problem/question regarding VIP. I have a FortiGate 80C. The situation is the following: I have an Asterisk PBX server on one of the internal ports (Port 3). I have an Internet connection with a static IP address on my WAN2 (e.g. 1.2.3.4). This same Interface on which I have configured a VIP with address 1.2.3.5. This is the private address I use for my PBX. My SIP provider uses IP address 2.3.4.5. There is no authentication for SIP necesary. My IP address is tied to my SIP account. I have configured a firewall policy from WAN2 using the VIP to Port3 using the PBX allowing only SIP protocol. I can receive phone calls from my SIP provider when I call my SIP number. I have also configured a firewall policy from Port 3 using the IP of the PBX going to WAN2 using the IP of the sip provider. Somehow this route is not working as my calls don' t connect. I suspect that the connection is not leaving my firewall with the VIP as my source address, since the connection is originating from my PBX and not from my sip provider (the NAT doesn' t know to translate it back to the VIP). The manual states that translation takes place only when my sip provider is the originating party. How can I check this and how can I make sure that the connection leaving my firewall has the VIP as my source address and not the WAN2 address. I have also tried to implement policy based routing on the connections leaving my fortigate, but I cannot specificy a VIP there. Can anybody offer some advice. Thanks,