Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ITAxess
New Contributor

How to access internal Website over VIP from LAN?

Hallo! I have a Webserver in my LAN: 10.0.0.30 with open Port 14000 and assigned a VIP: 123.123.123.123 From the Internet, I can access the Website: http://123.123.123.123:14000 PROBLEM: I need to access this website from the LAN 10.0.0.0/24 via the external URL http://123.123.123.123:14000 At the moment, I can only access the Website from the LAN with the URL http://10.0.0.30:14000 How can I configure that?
10 REPLIES 10
rwpatterson
Valued Contributor III

What model switch?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
rwdorman
New Contributor III

You need to create an Inside -> Inside policy with the destination being the VIP. I just ran into the same issue the other day.

-rd 2x 200D Clusters 1x 100D

1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D

-rd 2x 200D Clusters 1x 100D 1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D
danto
New Contributor

Hi, I' ve tried the policy Inside->inside but it does not work.
There is no patch for human stupidity...
There is no patch for human stupidity...
billp
Contributor

This thread has some additional information on this topic: http://support.fortinet.com/forum/tm.asp?m=99708&appid=&p=&mpage=1&key=hairpin&language=single&tmode...

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
Dave_Hall
Honored Contributor

If your web server is accessible via DNS, you may want to consider DNS translation.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
AtiT
Valued Contributor

Hi, I' m not sure but maybe enabling the NAT (bind to FTG interface) can help.

AtiT

AtiT
ITAxess
New Contributor

DNS Translation is the Solution config firewall dnstranslation THANKS!!!
Fullmoon

ORIGINAL: ITAxess DNS Translation is the Solution config firewall dnstranslation THANKS!!!
Hi, what do you mean by your statement?have similar problem too. thanks

Fortigate Newbie

Fortigate Newbie
ede_pfau
Esteemed Contributor III

DNS translation will substitute the resolved IP address of a DNS query to another IP address. In your case, if internal users access " www.myweb.com" they will not get " 72.3.45.6" (public IP address) but " 192.168.4.4" (internal address) as reply. For details, see FortiOS CLI Guide, pg. 98 (for v4MR3).

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors