Load balancing with a real server on VPN
So I have a VLAN that my LDAP servers and FortiGate appliance are on, with a site-to-site VPN connection going to MS Azure. All traffic flows between the LDAP VLAN and the Azure VPN and things work as expected.
But I wouldn't be posting on here if all was well, would I? :)
So I created a load balancing virtual IP which is NATed out to the internet for a vendor to authenticate against our LDAP. Behind it sit two real LDAP servers on the LDAP VLAN. Works perfectly. Health check works fine either by TCP port or by PING.
HOWEVER, I have another LDAP server on the Azure VPN site which I'd like to add to the mix. Health check constantly reports that this server is down, whether I check via TCP or via ping. Bummer!
The policy is set to allow traffic from the entire VLAN's subnet to Azure, so the FortiGate should have no problem hitting that pesky LDAP server in Azure. Yet, it does.
Any insight would be greatly appreciated! Thanks!
