Yup, I've done that and the firewall is just dropping the packet, saying status "timedout".
It's just weird that the outbound rule is source NATed to a VIP IP address even though the firewall policy says to use the interface IP. That VIP IP is not even configured as an IP pool and is not used for any outbound traffic.
I am just crowdsourcing whether this is a pretty common behaviour on a FortiGate firewall.
That does not make sense, the diag debug flow should show a match or deny. Can you post the output (debug) and the fwpolicy(s) involved? (the output of diag debug flow where it says SNAT and the full firewall policy)
show full firewall policy <xxxx>
show full firewall vip <xxxxxxxxxxxxxx>
Xs = policyid# and/or name as it relates to the vip
So in your case, you have a DNAT-VIP being matched on outside traffic? And that times out? Also, do you have set nat-source-vip enable on the VIP or central NAT?
The inbound DNAT-VIP is working fine, but it's just weird that the outbound traffic for that specific internal server is NATed to the public IP used on that VIP, even though the outbound policy says to use the interface IP.
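For the nat-source-vip question raised above, here is an added example (constructed for this thread, not taken from either poster's configuration): the VIP setting that produces exactly this symptom, next to an outbound policy that says "use interface IP", followed by the debug flow commands that show which address the session was actually SNATed to. All object names and addresses are placeholders.

```fortios
# Constructed example. Placeholders: 203.0.113.10 = VIP public IP,
# 10.0.0.50 = internal server, wan1/lan = interfaces.

# VIP as it is when the reported behaviour occurs: with nat-source-vip
# enabled, traffic FROM 10.0.0.50 going outbound is SNATed to the VIP's
# external IP, regardless of what the outbound policy says.
config firewall vip
    edit "vip-web-server"
        set extip 203.0.113.10
        set extintf "wan1"
        set mappedip "10.0.0.50"
        set nat-source-vip enable
    next
end

# Outbound policy that only asks for interface-IP SNAT (no IP pool).
# The VIP setting above still wins for 10.0.0.50.
config firewall policy
    edit 10
        set name "lan-to-wan"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool disable
    next
end

# To have 10.0.0.50 leave with the wan1 interface address instead,
# turn the VIP option off (inbound DNAT keeps working).
config firewall vip
    edit "vip-web-server"
        set nat-source-vip disable
    next
end

# Confirm the SNAT address for a new session from the server:
# the trace prints a line containing "SNAT" with the address used.
diagnose debug flow filter addr 10.0.0.50
diagnose debug flow trace start 10
diagnose debug enable
# ... generate outbound traffic from 10.0.0.50, then ...
diagnose debug disable
diagnose debug flow trace stop
```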