Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Fortios 5.4 Carrier Grade NAT webserver

Hi I have a webserver in a DMZ area which is accessed via a VIP and accompanying IPv4 rule.


The Wan interface has a Carrier grade NAT address with a one 2 one NAT to a public IPv4 address at my ISP.


From the public internet I am able to access my web server just fine. However from my internal network I am not able to resolve the external pubic address to the wan address.


If I create a static dns entry in my host file and point the domain name at the wan address I can reach the website fine.


So I deduce that my ISP is not forwarding my request back to my wan address or I suspect my forties firewall has no knowledge it is also the public IP address.


What's the answer here?

A static route of some kind?

A second IP address on the Wan interface?

Or maybe there is a feature I need to turn on so the firewall knows it is also the public address?


Any assistance will be appreciated.



Top Kudoed Authors