Fortigate FG60D two WAN routing issue
Good day.
I need help configuring my FortiGate with 2 WAN ports. One network, through port WAN1, has the office internet and a mail server with VIPs. The second network, through port WAN2, has the wifi guest network. The problem is that from WAN2 it is impossible to reach the WAN1 mail server OWA page.
The WANs are taken from one internet provider with different IPs and have different distances; internet to WAN2 is set up through a routing policy.
Can anyone help?
Let me see if I understood your question:
You're saying that guest users are not able to surf to the OWA page?
The OWA page is behind the WAN1 interface with a VIP configured.
Guest users are surfing the internet through WAN2.
Correct me if I understood your question incorrectly!
- Why should the guest user go outside to the internet and then get back to your FGT device and search for the VIP to the OWA page?
You can just create a DNS database with a static resolve to the internal IP and assign the DNS database to the WAN2 interface:
For example:

    FW (dns-server) # show
    config system dns-server
        edit "WAN2"
        next
    end

    FW # config system dns-database
    FW (dns-database) # show
    config system dns-database
        edit "OWA"
            set domain "yourdomain.com"
            set authoritative disable
            config dns-entry
                edit 1
                    set hostname "owa"
                    set ip 172.16.1.12
                next
            end
        next
    end

Thanks
Thanks for the answer. Yes, in general, you understood correctly. As for why users access it from the guest network: many users use corporate mail on smartphones, and at the moment it does not work on the guest wifi. To clarify, at the moment there is no access to the Fortinet portal, Exchange OWA and Exchange and Exchange ActiveSync from WAN 2 to WAN 1.
LAN 1 192.168.0.1 goes outside through WAN1 1.1.1.1
LAN 2 192.168.5.1 goes outside through WAN2 1.1.5.1
Hi,
You need a U-turn policy from guest to LAN with the mail VIP as destination. This will work.
Regds,
Ashik
ashik wrote:
Hi,
You need a U-turn policy from guest to LAN with the mail VIP as destination. This will work.
Regds,
Ashik

Hi, thanks for the answer. Can you explain more or write an example? I tried to set up access by route policy from the guest LAN to WAN1 and by IPv4 policy from the guest LAN to the office LAN, without results.
Hi
Suppose you have, e.g., an OWA-VIP like 85.245.45.45 -> 192.168.10.1.
Create a policy from guest to LAN and select OWA-VIP in the destination field.
No NAT enabled. This will work.
Regds,
Ashik
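
A FortiOS CLI sketch of the U-turn (hairpin) setup described in the post above. It is an added example, not configuration posted by anyone in this thread. The interface names "guest" and "lan" and the choice to forward only TCP/443 are assumptions; the addresses are the ones from the post.

```fortios
config firewall vip
    edit "OWA-VIP"
        set comment "Added example: VIP left unbound (extintf any) so it can be selected in a guest-to-lan policy"
        set extintf "any"
        set extip 85.245.45.45
        set mappedip "192.168.10.1"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

config firewall policy
    edit 0
        set comments "Added example: hairpin from guest wifi to OWA; interface names are assumed"
        set srcintf "guest"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "OWA-VIP"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat disable
        set logtraffic all
    next
end
```

Limiting the policy to HTTPS and logging all sessions keeps the guest network's reach into the office LAN restricted to the published mail service and leaves a record of what crosses it.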
Hi
There is a problem: OWA-VIP is attached to WAN1, and in the destination option that you suggest it is impossible to specify the VIP.
Hi,
The VIP should not be attached to any interface. So you can reconfigure the VIP to create the U-turn rule.
Regds,
Ashik
Hi
For now, without result.
I created a rule from the guest LAN interface to the office LAN interface, source all and destination OWA-VIP.
Still can't connect to OWA from the guest network.