Good day.
Need help in configuring my FortiGate with 2 WAN ports. One network through port WAN1 has office internet and a mail server with VIPs; the second network through port WAN2 has the Wi-Fi guest network. The problem is that from WAN2 it is impossible to go to the WAN1 mail server OWA page.
The WANs are taken from one internet provider with different IPs and have different distances; internet to WAN2 is set up through a routing policy.
Can anyone help?
Let me see if I understood your question:
You're saying that guest users are not able to surf to the OWA page?
The OWA page is behind the WAN1 interface with a VIP configured.
Guest users are surfing the internet through WAN2.
Correct me if I understood your question incorrectly!
- Why should the guest user go outside to the internet and then get back to your FGT device and search for the VIP to the OWA page?
You can just create a DNS database with a static resolve to the internal IP and assign the DNS database to the WAN2 interface:
For example:
    FW (dns-server) # show
    config system dns-server
        edit "WAN2"
        next
    end

    FW # config system dns-database
    FW (dns-database) # show
    config system dns-database
        edit "OWA"
            set domain "yourdomain.com"
            set authoritative disable
            config dns-entry
                edit 1
                    set hostname "owa"
                    set ip 172.16.1.12
                next
            end
        next
    end
Thanks
Thanks for the answer. Yes, in general, you understood correctly. As for the question of why users need access from the guest network: many users use corporate mail on smartphones, and at the moment it does not work on the guest Wi-Fi. If I can clarify, at the moment there is no access to the Fortinet portal, Exchange OWA and Exchange and Exchange ActiveSync from WAN2 to WAN1.
LAN 1 192.168.0.1 goes outside to WAN1 1.1.1.1
LAN 2 192.168.5.1 goes outside to WAN2 1.1.5.1
Hi,
You need a U-turn policy from guest to LAN with the mail VIP as destination. This will work.
Regds,
Ashik
ashik wrote: Hi,
You need a U-turn policy from guest to LAN with the mail VIP as destination. This will work.
Regds,
Ashik
Hi, thanks for the answer. Can you explain more or write an example? I tried to set up access by a route policy from the guest LAN to WAN1 and to set up access by an IPv4 policy from the guest LAN to the office LAN, without results.
Hi
Suppose you have, e.g., an OWA-VIP like 85.245.45.45 -> 192.168.10.1.
Create a policy, guest to LAN, and in the destination field select OWA-VIP.
No NAT enabled. This will work.
Regds,
Ashik
Hi
There is a problem: OWA-VIP is attached to WAN1, and in the destination option that you suggest it is impossible to specify the VIP.
Hi,
The VIP should not be attached to any interface. So you can reconfigure the VIP in order to create the U-turn rule.
Regds,
Ashik
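Added example, not part of the original thread: the U-turn (hairpin) setup described in the replies above, written out as FortiOS CLI. The VIP addresses are the sample values from the thread; the interface names "guest-wifi" and "lan", the policy name and the HTTPS service are assumptions to be replaced with the real ones. Lines starting with # are annotations, not CLI input.

```fortios
# VIP not bound to WAN1: extintf "any" lets the VIP be selected as the
# destination of a policy whose source interface is the guest network.
config firewall vip
    edit "OWA-VIP"
        set extintf "any"
        set extip 85.245.45.45
        set mappedip "192.168.10.1"
    next
end

# U-turn policy: guest interface -> office LAN interface, destination = the VIP.
# "guest-wifi" and "lan" are assumed interface names.
# NAT is left disabled, as in the reply above.
config firewall policy
    edit 0
        set name "guest-to-OWA-uturn"
        set srcintf "guest-wifi"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "OWA-VIP"
        set service "HTTPS"
        set schedule "always"
        set action accept
        set nat disable
    next
end

# Check from the CLI while a guest client opens the OWA page: the request should
# arrive for 85.245.45.45 on the guest interface and leave on the LAN interface
# addressed to 192.168.10.1.
diagnose sniffer packet any 'host 85.245.45.45 or host 192.168.10.1' 4
```

Restricting the service to what the mail server publishes keeps the guest network from reaching anything else on the office LAN through this rule.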
Hi
For now, without result.
I created a rule from the guest LAN interface to the office LAN interface, source all and destination OWA-VIP.
Still can't connect to OWA from the guest network.