Hi all

Device: Fortigate 60D
Firmware 5.2.1 build 618

Until one month ago we were using only one WAN, connected to one ISP. We were using some public IP addresses and with the appropriate policy it was possible to connect to some websites hosted internally using the public DNS name (example: we have "priv.ourcompany.com", public IP is 33.44.55.66, and also from the internal network we were able to connect to this site using the URL http://priv.ourcompany.com).

We are now also using WAN2, connected to another ISP (and another public IP), and with static routes and policy router we have configured that normally all traffic from internal to WAN uses WAN2 (WAN2 is a fiber connection, WAN1 is a simple ADSL).

But now it is impossible, when we are in the internal LAN, to connect to our internal website using the public name and/or IP. All is working correctly if I'm connecting from external.

How can I do this path?

internal lan --> wan 2 --> internet --> wan 1 --> internal lan (my web site?)
Thank you
Hi,
I think you should use Hairpin NAT, "match-vip"
However, as you describe it, both the client and server are on the same internal LAN, so you might need to do a policy LAN -> LAN with "match-vip" enabled (CLI only).
But I'm not sure, as it is a strange setup ;)
Another alternative is to have two DNS servers, one that is public, and one that is internal, on the internal DNS record you just set the internal IP of the server.
External www.mycompany.com -> 195.134.10.10 (for example)
Internal www.mycompany.com -> 192.168.1.10 (for example)
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
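
The split-DNS alternative from the reply above, modelled as an added example that is not part of the original thread: the view is chosen by client source address, and an audit flags records that would send LAN clients back out to the public address or publish an internal address externally. The LAN subnet `192.168.1.0/24` and all function names are assumptions; the two addresses are the reply's own examples.

```python
import ipaddress

# Constructed sample data using the example addresses from the reply.
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumed LAN subnet
VIEWS = {
    "internal": {"www.mycompany.com": "192.168.1.10"},
    "external": {"www.mycompany.com": "195.134.10.10"},
}

def select_view(client_ip):
    """Pick the DNS view the way a split-horizon server does: by client source address."""
    addr = ipaddress.ip_address(client_ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"

def resolve(name, client_ip, views=VIEWS):
    """Return the address this client would receive, or None if its view lacks the name."""
    return views[select_view(client_ip)].get(name.lower().rstrip("."))

def audit(views=VIEWS):
    """Flag records that defeat the split: LAN clients sent to the public address
    (so traffic has to hairpin through the firewall), internal addresses published
    to the outside, and names present in only one view."""
    findings = []
    for name in sorted(set(views["internal"]) | set(views["external"])):
        inside = views["internal"].get(name)
        outside = views["external"].get(name)
        if inside is None or outside is None:
            findings.append((name, "missing from one view"))
            continue
        if not ipaddress.ip_address(inside).is_private:
            findings.append((name, "internal view returns a public address"))
        if ipaddress.ip_address(outside).is_private:
            findings.append((name, "external view leaks a private address"))
    return findings

if __name__ == "__main__":
    print(resolve("www.mycompany.com", "192.168.1.50"))  # LAN client
    print(resolve("www.mycompany.com", "203.0.113.7"))   # outside client
    print(audit())
```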