I have two Sites (Site A) using Fortiddns, and Site B using Daillup . There is VPN tunnel between them and it's working fine. I want to make DNAT for my server and it's behind Site B. I don't have public IP Addresd .
it's not working in this scenario?
Solved! Go to Solution.
If I understand well your case, DNAT should be on site-A, mapping the site-A's public IP address to the server's IP address that is located on site-B.
What is not working? Any logs? Any blocked traffic?
If I understand well your case, DNAT should be on site-A, mapping the site-A's public IP address to the server's IP address that is located on site-B.
What is not working? Any logs? Any blocked traffic?
Yes. exactly but I don't have static public IP address. we use Fortiddns . and the two sites connected throw VPN.
In your VIP, you just need to put 0.0.0.0 as External IP address, and it should work.
Yes its 0.0.0.0 . but what I notice if I want to make Ping from Site A Fortigate to the server that behind the Site B Fortigate . the Ping Faile
You need to check if firewall rules allow the traffic on both FortiGates, and your IPsec phase2 selectors on both sites include the communicating sources and destinations.
for source Add that camming from the internet throw the WAN interface the use DDNS . what source add should be
User | Count |
---|---|
2534 | |
1351 | |
795 | |
641 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.