Problem with VIP / Port Forwarding

championc1 · ‎10-20-2024

What am I missing here ? My traffic is hitting my WAN address, but is not hitting the LAN. First of all, this is on an old 90D that I am playing with, so it's on it's highest release of 6.0.18

I am trying to hit a server inside my network from the outside. My ISP router is outside the Firewall, and has all ports Port Forwarded. I can see the traffic hit my Firewall

Spirit-FW # diag sniffer pack any "port 22" 4 0 a
interfaces=[any]
filters=[port 22]
2024-10-20 20:10:27.049346 wan1 in 93.107.205.221.41489 -> 192.168.1.17.22: syn 3251867515 
2024-10-20 20:10:28.057670 wan1 in 93.107.205.221.41489 -> 192.168.1.17.22: syn 3251867515

But it won't hit my inside LAN. I have a fully open Any Src / Any Dst / All services rule in place

I have a Virtual IP for 192.168.1.17 --> 10.10.5.100 (TCP: 22 --> 22)

Doing a Packet Capture too confirms the traffic to the WAN, but never his the LAN Interface

I'm sure that this is something stupidly simple that I am overlooking :(

Thanks in advance

Cormac Champion

hjhajj · ‎10-23-2024

@championc1 Kindly make sure that there is a firewall policy from wan to LAN with destination as VIP .

Please refer to the following document
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...

In case the issue persists, kindly provide the following debugs

diagnose debug enable

diagnose debug flow filter addr 192.168.1.17

diagnose debug flow show function-name enable

diagnose debug flow trace start 100

Problem with VIP / Port Forwarding

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website