NEED: To allow an external KMS server (we trust the external IP) to communicate back and forth with our internal server subnet for Windows activation, BUT...
PROBLEM: the KMS server has to see the traffic coming to it from a trusted IP-space. Our firewall external IP is not in their trusted IP-space, and they don't whitelist IPs from other providers. Can I put policies in place to allow the KMS server to see the IPs of our internal servers? If so, how?
(faked IPs below)
KMS Server: 126.96.36.199
Our firewall External IP: 188.8.131.52 (FortiGate 200E, running FortiOS 7.0.9)
Our internal IP subnet: 184.108.40.206/255.255.255.0 (I believe this is considered trusted IP-space, as these are VMs hosted by the same company that has the KMS server)
I should have added, the KMS server only responds on port 1227.
Thanks for the help,