Can' t Connect to VIP from LAN

yusaku · ‎06-02-2014

Hi, i' m having problem accessing the Mapped WAN IP from LAN. We have a web server running inside our LAN. we are setting up to allow access from WAN to this Web Server. MIP Setting for WebServer LAN IP : 10.168.1.10 -> Mapped to 115.42.171.4 the Firewall policy is fairly simple. Allow all from LAN -> WAN Allow all from WAN -> MIP the odd thing is when i do tracert to the WAN IP, it does not passtrough the gateway. what am i missing here ? Thanks yusaku

rickards · ‎06-04-2014

Hi Heres some documentation on how to do this: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33976&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=51558292&stateId=0%200%2051556597

oheigl · ‎06-04-2014

Hi Rickards, do you know the disadvantage of using any as interface in a virtual IP? For example I just stumbled across the problem, that the SSL-VPN portal is not reachable from the internal network, if a port forwarding with any interface is activated with the same address of the portal IP. Although it' s working fine from the WAN side. Do you know this issue? Kind regards, Oliver

rickards · ‎06-04-2014

Hi Oliver Did not know this issue but what is the reason to use the sslvpn portal from the internal network? Thanks for your input

oheigl · ‎06-05-2014

Hi Rickards, well it' s convenient for the IT technician to test the SSL-VPN in a fast way, if colleagues complain about a none working VPN. Because most of the SSL-VPN problems are caused by a hanging process, or high memory usage. Otherwise you need some mobile data card to test it from external, and disconnect your workstation before it and so on. It would be great to know what exactly changes if the interface is set to any, I can' t find anything in the documentation (handbook, CLI guide,...) Kind regards, Oliver