Hello!
We currently have a Virtual IP set up in our Fortigate 60F and we are setting up Wazuh within our environment. I have been able to get external connections back to the Wazuh server; however, when the devices are on our internal network they can't reach the server. I was hoping to set up routing within the device to overcome this but I have been unsuccessful at getting it to work. Here is a policy route I have:
The blanked-out IP box has the Virtual IP in it. I don't want all traffic to route to this, only when any internal device is trying to get to the Virtual IP.
You don't need policy routing to implement "hairpin VIP". There are multiple discussions in the past in this forum.
Read the KB below by @vdralio and try following it.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-Hairpin-NAT-VIP/ta-p/195448
Toshi
Policy route is not a requirement for Hairpin NAT.
Since the connection to Wazuh Server is good from External but not from Internal, I believe you have Source IP restriction on your firewall policy from WAN to SERVER.
Did you try adding your private IP subnet to the Source IP?
Also, if you set interface "any" on your Virtual IP configuration, you can try to create firewall policy from LAN to SERVER and put the VIP as destination.
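The configuration both replies point at, written out as an added example (this is not the poster's configuration or the KB's text). It assumes a WAN interface named wan1, a server segment on an interface named "server", a client segment on "lan", placeholder addresses 203.0.113.10 (public IP), 10.10.10.50 (Wazuh server) and 10.20.20.0/24 (internal clients), an existing address object ALLOWED-EXTERNAL-SOURCES on the inbound policy, and TCP 1514/1515 as the Wazuh agent ports; all of these are assumptions. The VIP is bound to interface "any" so one object matches on both WAN and LAN, and a separate LAN-to-server policy uses the VIP as destination, so the source restriction on the existing WAN policy is left untouched:

```fortios
# Hairpin (loopback) NAT for a server published through a VIP.
# Constructed example; interface names, addresses and object names are placeholders.
#   203.0.113.10  = public IP on wan1 that the VIP answers on
#   10.10.10.50   = Wazuh server behind interface "server"
#   10.20.20.0/24 = internal clients behind interface "lan"
#   tcp 1514/1515 = assumed Wazuh agent communication / enrollment ports

config firewall service custom
    edit "WAZUH-AGENT"
        set tcp-portrange 1514 1515
    next
end

# extintf "any" lets the same VIP object be used on the WAN and the LAN policy.
config firewall vip
    edit "VIP-WAZUH"
        set extip 203.0.113.10
        set extintf "any"
        set mappedip "10.10.10.50"
    next
end

config firewall address
    edit "LAN-CLIENTS"
        set subnet 10.20.20.0 255.255.255.0
    next
end

config firewall policy
    # Inbound policy keeps its restricted source list; the internal subnet is
    # deliberately NOT added here, so exposure from the Internet does not widen.
    edit 0
        set name "WAN-to-WAZUH"
        set srcintf "wan1"
        set dstintf "server"
        set srcaddr "ALLOWED-EXTERNAL-SOURCES"
        set dstaddr "VIP-WAZUH"
        set action accept
        set schedule "always"
        set service "WAZUH-AGENT"
        set logtraffic all
    next
    # Hairpin policy: internal clients connecting to 203.0.113.10 match the VIP
    # and are DNATed to 10.10.10.50. No policy route is involved.
    edit 0
        set name "LAN-to-WAZUH-hairpin"
        set srcintf "lan"
        set dstintf "server"
        set srcaddr "LAN-CLIENTS"
        set dstaddr "VIP-WAZUH"
        set action accept
        set schedule "always"
        set service "WAZUH-AGENT"
        set logtraffic all
    next
end
```

Two practical notes: if the clients and the server sit on the same interface and subnet, add `set nat enable` to the hairpin policy so the server's replies return through the FortiGate instead of going straight to the client with the wrong source address; and to confirm the translation is happening, `diagnose sniffer packet any 'host 10.10.10.50 and tcp port 1514' 4` while an internal agent connects to the public IP should show the DNATed packets leaving toward the server, with the session also visible in the forward traffic log of the hairpin policy.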
Copyright 2024 Fortinet, Inc. All Rights Reserved.