Hello All,
I'm new to Fortigate, so be gentle :)
I have a Fortigate 400F that's set up and working, connected to the internet through a cellular router (temporary for now) that gives the fw a dynamic IP on the WAN port. I want to route https traffic from the WAN port to an internal IP address. I've followed the admin guide (FortiOS 7.2.10), followed multiple online articles and YouTube tutorials, and although the setup seems very simple and easy to understand, I cannot seem to get it to work.
My basic understanding of the process is:
1) Create virtual IP with source address of 0.0.0.0 mapped to my internal ip 10.35.1.11 and select port forwarding of 443.
2) Create firewall policy to accept traffic from WAN interface to Internal Interface, source = any, destination = internal IP, service = https.
To rule out my ISP being the problem, I tried to just connect directly to the WAN port with my laptop, set the IP of the WAN interface to a static address, set my laptop to an IP on the same subnet and tested, but it doesn't work. I feel like I'm missing something really simple here.
The destination on the policy has to be the VIP. This example is for central NAT but policy based NAT config should be the same.
https://community.fortinet.com/t5/Cybersecurity-Forum/Creating-a-VIP-on-Fortigate-using-a-Dynamic-IP...
Toshi
IIRC, for this to work you also need to set the interface in the VIP.
Thank you both... this worked! I happened to find a YouTube video that showed the policy mapping to the VIP, which I hadn't done previously. I had the policy mapped to the IP address of the internal server. Once I made that change, the mapping worked. Thank you for your help.
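The fix the replies describe, as an added FortiOS CLI example that is not part of the original thread: the VIP is bound to the WAN interface with an external IP of 0.0.0.0, and the policy's destination is the VIP object rather than the server's address. The object names and the interface names `wan1` and `internal` are assumptions; substitute the names used on your unit.

```fortios
# Added example; object and interface names are placeholders.
config firewall vip
    edit "vip-web-https"
        # 0.0.0.0 follows whatever address the WAN port currently holds,
        # so the VIP must be tied to that interface (not "any").
        set extip 0.0.0.0
        set extintf "wan1"
        set portforward enable
        set extport 443
        set mappedip "10.35.1.11"
        set mappedport 443
    next
end

config firewall policy
    edit 0
        set name "wan-to-web-https"
        set srcintf "wan1"
        set dstintf "internal"
        # "all" matches the thread's source = any; use a narrower address
        # object here if the set of clients is known.
        set srcaddr "all"
        # Non-working variant from the thread: dstaddr set to an address
        # object for 10.35.1.11. The destination has to be the VIP object.
        set dstaddr "vip-web-https"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

With a policy in place, `diagnose sniffer packet any 'port 443' 4` on the unit shows whether the inbound connection reaches the WAN port and leaves the internal interface toward 10.35.1.11.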