I have a small block of public IPs for various servers I host. Configured Static NAT for them and while some things are working, others are not, on the exact same server. Configured NAT (aka Virtual IP) and policies for my onsite Exchange server. While SMTP (TCP 25) works and I can access that service from a specific external IP, OWA is not accessible from that same IP or any others since the OWA policy is open to all. The SMTP policy is tied to a few FROM addresses to allow traffic on port 25. OWA policy allows 80 & 443 from ALL. Such a basic config duplicated from old firewall that I had to revert to for now since that one works. What am I missing?
It's interesting because the browser gets the SSL cert and verifies it, just nothing is displayed on the page so basically there is a blank but secure https page. So at least half of the communication is working? Switching the firewalls out, the page loads just fine in the same browser.
Have you changed the standard administration ports for HTTP and HTTPS? Maybe they overlap with the OWA port.
No, I have not. I did see the warning "Port conflicts with the SSL-VPN port setting" but made nothing of that since I do not yet have VPN configured, although that will be the next step. Nor did I think this would affect port forwarding since OWA/Exchange server has its own public IP and 1-to-1 NAT. So I can't port-forward 443 to any of the other IPs? That kind of defeats the purpose of having multiple IPs if you can only use each port on ONE IP. I'm sure I'm misunderstanding something?