We have an app we're developing. The app gets data from https://www.mywebsite.com. This website is located internally on our network and uses a VIP to change from 443 to our internal port. Our external WAN address is a DHCP address. We don't need a static IP because the app is just in development and our IP hardly ever changes. If the app is on a phone using a phone network it can reach the internal server fine, but when we test it internally it can't connect to the server. I've watched some videos and read some docs, but their solutions just don't work. I'm running a 61f with 7.2.5 on it. Any experts have any ideas on how to make this work?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
If you are connecting internally why do you go via the DHCP WAN IP, instead you could resolve this directly to the internal server IP right ?
Anyway, First thing you need to check is, if the Internal DNS server resolve this name https://www.mywebsite.com to your DHCP WAN IP or your actual internal server IP. If the resolution if fine, then you need a Firewall policy from Internal to Internal to allow this communication where Destination is VIP and Source would be your internal network. VIP should be configured with Interface set as "ANY".
Best Regards,
Can you check these:
https://community.fortinet.com/t5/FortiGate/Technical-Note-How-to-use-the-DNS-translation-feature/ta...
https://community.fortinet.com/t5/FortiGate/Technical-Note-Manipulating-DNS-replies-through-the-Fort...
It seems like you're encountering an issue where internal clients can't connect to an internal server using its external address. Implementing Hairpin NAT can solve this. On your router/firewall (with version 7.2.5), you'll need to create a NAT rule that translates the source and destination address for internal clients attempting to access the server via the external DHCP WAN address. This will allow internal clients to use the external URL, redirecting the traffic back to the internal server, thereby solving your connectivity issue.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.