Hair pin nat config
Hi Guys,
I need to allow guest users access to my DMZ mail server using the public natted IP and not the real DMZ private IP.
From what I have read on the forums about this, it seems I need to configure hair pin nat for this to work. Could someone please let me know the settings that need to be done for it to work?
device : Fortigate 311 B
Details of traffic flow :
Source interface - Port1 ( Internal )
Source Address - 10.0.135.0/24
Destination interface : Port5 (DMZ)
Destination Server real IP : 192.168.100.10
Wan 1 - 94.10.12.1
Wan 2 - 94.10.13.1
VIP details : (Wan1) 94.10.12.2 -> 192.168.100.10
Wan1 to Port5 policy with destination as VIP is already configured and works fine for hosts on the internet.
There is a policy route configured to route internet traffic from 10.0.135.0/24 forcing it to go out through Wan2.
Thanks,
Austin
Technical Note : How internal users can access internal resources via an external VIP (public IP address)
http://kb.fortinet.com/kb/documentLink.do?externalID=FD33976
Ahead of the Threat. FCNSA v5 / FCNSP v5
Fortigate 1000C / 1000D / 1500D
Have you tried the configuration in this article? http://cookbook.fortinet....air-pinning-fortigate/
