Hi there,
So I've got a 1500D.
The first policy is this one:
Source: subnet1
Destination: a DNAT VIP mapping 70.12.5.7 to 70.12.5.67 (just an example I don't know these IPs)
Port: 465
And the second policy is this one:
Source: all
Destination: 70.12.5.7
Port: 465
Problem: when I try to reach 70.12.5.7 with an IP outside of subnet1 I am redirected to 70.12.5.67. I don't want that, I want only IPs in subnet1 group trying to reach 70.12.5.7 to be redirected to 70.12.5.67.
I know that the FortiGate does the DNAT before the policy lookup, so what do I have to modify to have the policies working like I want?
Thanks for your help.
Hey,
To do what you want, you need to specify the source network in your Virtual IP rule.
You can do that under VIP Rule -> optional filters -> Source address. With this configuration, your DNAT will be applied only for the subnet you configured there, in this case, subnet1.
CLI:
    config firewall vip
        edit "your rule"
            set src-filter subnet1/24
    end
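
Added example (not part of the original posts, and not FortiOS code): a simplified Python model of the VIP stage described above, showing which destination the policy lookup sees with and without a source filter. The subnet1 range 10.1.1.0/24, the outside address 198.51.100.9 and the names Vip and dnat are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Vip:
    extip: str               # external address clients connect to
    mappedip: str            # internal address the VIP translates to
    port: int
    src_filter: tuple = ()   # empty tuple = no source restriction


def _src_allowed(src, filters):
    """True if src matches any filter entry (CIDR or 'start-end' range)."""
    if not filters:
        return True
    addr = ipaddress.ip_address(src)
    for entry in filters:
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if lo <= addr <= hi:
                return True
        elif addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def dnat(src, dst, port, vips):
    """Return the destination the policy lookup sees after the VIP stage."""
    for vip in vips:
        if dst == vip.extip and port == vip.port and _src_allowed(src, vip.src_filter):
            return vip.mappedip
    return dst  # no VIP matched: destination is left untouched


# Constructed values: the thread does not give subnet1's real range.
SUBNET1 = "10.1.1.0/24"
unfiltered = [Vip("70.12.5.7", "70.12.5.67", 465)]
filtered = [Vip("70.12.5.7", "70.12.5.67", 465, (SUBNET1,))]

if __name__ == "__main__":
    for label, vips in (("no src-filter", unfiltered), ("src-filter", filtered)):
        for src in ("10.1.1.20", "198.51.100.9"):
            print(f"{label:14} {src:14} -> {dnat(src, '70.12.5.7', 465, vips)}")
```

Without the filter every source is translated to 70.12.5.67, which is the behaviour reported in the question; with the filter only subnet1 sources are translated and everything else still reaches the policy lookup with destination 70.12.5.7.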