New Contributor

Route to public IP in DMZ



From ISP I have:

Subnet 1 with IP .206/30.

Subnet 2 with IP .216/30


Subnet .216/30 is routed to subnet .206/30 by ISP.


Behind the FGT, connected to DMZ, is a PBX with IP .218. DMZ is configured with IP .217.

PBX is configured with DMZ as GW. In FGT I have VIP with IP .218 and FW rule without NAT.


I can ping .217 from outside, but .218 is not responding. When I look at traffic in FGT I can see traffic with dst for .218, but no response.

Any ideas why this is not working?

Esteemed Contributor III



Q: how many hosts can you address in a /30 network?

A: only 2. 3rd address is network, 4th is broadcast.


With a given /30 you cannot use more than 2 addresses.


Ede
"Kernel panic: Aiee, killing interrupt handler!"


Yes, the (PBX) subnet consists of GW (FGT DMZ) .217 and PBX .218.

That shouldn't be a problem.


Some screenshots of config:


Edit: [strike]For troubleshooting purposes I tried connecting a PC to DMZ with .218 as IP. PC was unable to ping GW .217 and sniffing did not show any traffic.[/strike]

I am now able to ping both from firewall to PBX and vice versa.

Esteemed Contributor III

So your PBX has .218/30 public IP. Why do you need the VIP? It's just routing to direct & policy to allow. 

New Contributor

Never mind. It turned out to be some previous troubleshooting config creating problems. I got it working now.
