Make a VIP based on dns trying to simulate a reverse proxy?

se7 · ‎03-04-2025

Is it possible to make the Fortigate route traffic in this way:

External dns pointing to fortigate public ip > fortigate external interface > route the traffic based on dns to a internal IP ONLY if it matches the requested dns?

example using other dns names:

google.com > 8.8.8.8 (fortigate external ip) > 192.168.1.200 (internal system)

Essentially asking if the fortigate can serve the same purpose as a reverse proxy which checks source packets trying to match dns and redirect to a local server.

I hope i explained in a understandable way and thanks in advance.

funkylicious · ‎03-04-2025

hi,

something like what you are describing to need is documented here, https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-up-a-VIP-load-balance-with-HTTP-ho...

"jack of all trades, master of none"

View solution in original post

funkylicious · ‎03-04-2025

hi,

something like what you are describing to need is documented here, https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-up-a-VIP-load-balance-with-HTTP-ho...

"jack of all trades, master of none"

se7 · ‎03-04-2025

This was exactly what i was looking for, a big bummer that the 60F doesnt support proxy inspection mode, is it possible to bypass this restriction by using another method or am i completely out of luck regarding this?

Thanks in advance

funkylicious · ‎03-04-2025

downgrade to something lower than 7.4.4 when the proxy inspection was eliminated on appliances with 2GB RAM :<

"jack of all trades, master of none"

Make a VIP based on dns trying to simulate a reverse proxy?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website