Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rohitchoudhary1978
New Contributor III

Issue related to application licensing in different vlan

Dear All,

I am using FGT400E and I am facing issue with an application named "Tally" which is used for accounting purpose. This application server is installed on a server with IP : 192.168.1.2/24 Port 9999 and working fine in the same network [VLAN 1]. But if i want to shift this server in DMZ with different IP : 195.195.61.2/28 [VLAN 61] and want to access it through IP : 192.168.1.x/24 [VLAN 1] it can't be accessible with the error "Client system is not directly connected to the same LAN where license server is connected. License server cannot serve the license for this client." I researched the application licensing model and find that the application server used the broadcast domain for licensing which is UDP. Do i need a separate cisco router to extend the lan and use ip helper-address ? Please help me to get this connected through fortigate only as i want to use it through other vlan and vpn also.

 

Rgds

Rohit K

Rohit K
Rohit K
4 REPLIES 4
rwpatterson
Valued Contributor III

The quick and dirty answer would be to create a policy from that new subnet just to the server, and enable NAT on the policy. This will force connecting traffic to use the IP interface of the Fortigate which is on the same IP subnet as the server. Place this policy above any others between the two subnets. Policies are used in a top-down first come, first served basis. Best practice is to place the more concise policies at the top and the general ones at the bottom.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
rohitchoudhary1978

Hi, It works. SSL vpn is also an alternate way, just need to assign the same ip range 192.168.1.10-20 for SSL VPN IP Pool and it works too (Now it works globally).

 

Regards

Rohit K

Rohit K
Rohit K
vipinv1989

Hi Rohith

i am having same problem here can you please help me how to do it. am not good in firewall ?

vigneshkumar
New Contributor

Hi Team ,

We have a fortigate firewall 100d where our tally is behind the core switch but tally is 192.168.10.x and gateway is core switch and default gateway for core is firewall its 192.168.1.x mgmt network here my ssl vpn users connected tally segment but cannot access the tally if i enable the nat and set the dynamic ip as tally segment.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors