Hi all,
I have a mail server in the DMZ network configured with a PUBLIC facing VIP.
e.g. 203.10.10.10 (vip) --> 192.168.10.10 (email server actual ip)
Right now,
1) my appservers in the same DMZ network
2) my workstations in the LAN network
are sending traffic / referencing the mail server via its public VIP.
(and I am not able to change them)
In my firewall policy,
q1) for my appserver to mailserver (both in DMZ), do I create
DMZ (appserver) -> WAN (mailserver vip) or
DMZ (appserver) -> DMZ (mailserver actual ip)
q2) for my workstation to mail server, do I create
LAN (workstation) -> WAN (mailserver vip) or
LAN (workstation) -> DMZ (mailserver actual ip)
q3) when the FIREWALL sees a connection from its connected network to its VIP mapping, does it automatically resolve it to the actual IP and direct traffic to the right interface directly?
Hi,
If I understand your requirement, you would like to access the mailserver VIP public IP from the internal network. If yes, kindly refer to the KB article below.
Please do let me know the status.
Regards,
Somu
Copyright 2024 Fortinet, Inc. All Rights Reserved.