We have an app we're developing. The app gets data from https://www.mywebsite.com. This website is located internally on our network and uses a VIP to change from 443 to our internal port. Our external WAN address is a DHCP address. We don't need a static IP because the app is just in development and our IP hardly ever changes. If the app is on a phone using a phone network it can reach the internal server fine, but when we test it internally it can't connect to the server. I've watched some videos and read some docs, but their solutions just don't work. I'm running a 61f with 7.2.5 on it. Any experts have any ideas on how to make this work?
If you are connecting internally, why do you go via the DHCP WAN IP? Instead, you could resolve this directly to the internal server IP, right?
Anyway, the first thing you need to check is whether the internal DNS server resolves this name https://www.mywebsite.com to your DHCP WAN IP or your actual internal server IP. If the resolution is fine, then you need a firewall policy from Internal to Internal to allow this communication, where the destination is the VIP and the source is your internal network. The VIP should be configured with Interface set as "ANY".
It seems like you're encountering an issue where internal clients can't connect to an internal server using its external address. Implementing Hairpin NAT can solve this. On your router/firewall (with version 7.2.5), you'll need to create a NAT rule that translates the source and destination address for internal clients attempting to access the server via the external DHCP WAN address. This will allow internal clients to use the external URL, redirecting the traffic back to the internal server, thereby solving your connectivity issue.
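The two replies above combine into one configuration: a VIP bound to interface "any" plus an internal-to-internal policy with source NAT. The FortiOS CLI sketch below is an added example, not part of any post in this thread; every address, port, object name and the interface name `internal` are constructed placeholders, and it assumes the clients and the server share one subnet.

```fortios
# Constructed placeholders: 203.0.113.10 = current WAN address,
# 192.168.1.50 = internal server, 8443 = internal port,
# 192.168.1.0/24 = LAN, "internal" = LAN interface name.
config firewall vip
    edit "app-vip"
        # "any" lets the VIP match traffic arriving on the LAN side too
        set extintf "any"
        set extip 203.0.113.10
        set mappedip "192.168.1.50"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 8443
    next
end
config firewall address
    edit "lan-clients"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall service custom
    edit "app-internal-port"
        set tcp-portrange 8443
    next
end
config firewall policy
    edit 0
        set name "hairpin-to-app-vip"
        set srcintf "internal"
        set dstintf "internal"
        # Limit the source to the LAN and the service to the mapped port
        # (destination NAT is applied before the policy is matched)
        set srcaddr "lan-clients"
        set dstaddr "app-vip"
        set service "app-internal-port"
        set schedule "always"
        set action accept
        # Source NAT keeps the server's replies flowing back through the firewall
        set nat enable
        set logtraffic all
    next
end
```

Because the WAN address here comes from DHCP, the `extip` value has to be updated whenever the lease changes; resolving the name to the internal server IP on the internal DNS server, as the first reply suggests, avoids that dependency.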