Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ITAxess
New Contributor

Created on ‎10-28-2013 11:22 PM

How to access internal Website over VIP from LAN?

Hallo! I have a Webserver in my LAN: 10.0.0.30 with open Port 14000 and assigned a VIP: 123.123.123.123 From the Internet, I can access the Website: http://123.123.123.123:14000 PROBLEM: I need to access this website from the LAN 10.0.0.0/24 via the external URL http://123.123.123.123:14000 At the moment, I can only access the Website from the LAN with the URL http://10.0.0.30:14000 How can I configure that?
7482
0 Kudos
10 REPLIES 10
rwpatterson
Valued Contributor III

Created on ‎10-29-2013 11:51 AM

What model switch?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
4015
0 Kudos
rwdorman
New Contributor III

Created on ‎10-29-2013 03:00 PM

You need to create an Inside -> Inside policy with the destination being the VIP. I just ran into the same issue the other day.

-rd 2x 200D Clusters 1x 100D

1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D

-rd 2x 200D Clusters 1x 100D 1x 60D FortiOS 5.2 FortiAP 221C FAZ 200D
4015
0 Kudos
danto
New Contributor

Created on ‎11-20-2013 02:28 AM

Hi, I' ve tried the policy Inside->inside but it does not work.
There is no patch for human stupidity...
There is no patch for human stupidity...
4015
0 Kudos
billp
Contributor

Created on ‎11-20-2013 08:50 AM

This thread has some additional information on this topic: http://support.fortinet.com/forum/tm.asp?m=99708&appid=&p=&mpage=1&key=hairpin&language=single&tmode...

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1

Bill ========== Fortigate 600C 5.0.12, 111C 5.0.2 Logstash 1.4.1
4015
0 Kudos
Dave_Hall
Honored Contributor

Created on ‎11-20-2013 09:38 AM

If your web server is accessible via DNS, you may want to consider DNS translation.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
4015
0 Kudos
AtiT
Valued Contributor
In response to Dave_Hall

Created on ‎11-21-2013 01:26 AM

Hi, I' m not sure but maybe enabling the NAT (bind to FTG interface) can help.

AtiT

AtiT
4015
0 Kudos
ITAxess
New Contributor

Created on ‎11-22-2013 01:19 AM

DNS Translation is the Solution config firewall dnstranslation THANKS!!!
4015
0 Kudos
Fullmoon
Contributor III
In response to ITAxess

Created on ‎11-22-2013 01:52 AM

ORIGINAL: ITAxess DNS Translation is the Solution config firewall dnstranslation THANKS!!!
Hi, what do you mean by your statement?have similar problem too. thanks

Fortigate Newbie

Fortigate Newbie
4015
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎11-22-2013 04:25 AM

DNS translation will substitute the resolved IP address of a DNS query to another IP address. In your case, if internal users access " www.myweb.com" they will not get " 72.3.45.6" (public IP address) but " 192.168.4.4" (internal address) as reply. For details, see FortiOS CLI Guide, pg. 98 (for v4MR3).
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4015
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.