Hello,
I have a problem or maybe lack of knowledge regarding routing in Fortigate. I will describe the problem below.
Info regarding setup/hardware:
- one fortigate 100D with firmware 5.4.3
- 2 ISP lines with static IP
- no AD
Info regarding problem:
I have a domain hr.mydommain.com that I need to redirect to an internal server that is not on DMZ. I have made a setting on the domain hosting DNS to point to one of my public ISP IPs and it works, as I can ping the domain and it points to my ISP public IP.
What I want to do is:
- point this domain for internal LAN to my private LAN IP (to not go over the Internet)
- redirect all requests for this site from WAN to my internal IP.
The site is accessed through HTTPS, so I made a VIP setting in Policy & Objects / Virtual IP to forward port 443 from the public IP to the local IP of the server.
So far what I get is:
- from LAN & WAN I cannot access the site using CNAME
- from LAN I can access the site using server name
What do I miss?
Thank you!
PS: as I said, I am not a very skilled admin so, please, if possible, explain as simply as you can.
Welcome to the forums.
There are many aspects to be covered here. Let me ask some questions.
* How does the website resolve from the inside?
* Can you reach the resolved IP address from the inside?
* Is there a policy in place to reach that resolved IP address from the inside?
If you can answer these in order, I believe you'll be able to resolve your issue.
Good luck.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thank you for your reply,
I think that if I can get fortigate to resolve the website internally, then the problem should be nearly solved.
But the problem is that I do not know how. I do not have an internal DNS server so I would like to use Fortigate DNS settings to do the resolving. For the moment, for LAN I forward DNS requests to system DNS (FortiGuard DNS): under network/ dns it is set to "Use Fortiguard Server" and under DNS Servers for the LAN interface I set "Forward to System DNS".
I created a DNS database with the following:
- CNAME with server name to domain
- A address with IP to server name
But it is not working: when I ping the server name I get the internal IP, when I ping the domain I get the public IP.
Hello,
I have part of the problem solved by adding a virtual server and a real server on the Fortigate and adding the corresponding setting in Policy.
Now I can access the server by CNAME using the public IP from inside and outside of the organization.
Copyright 2024 Fortinet, Inc. All Rights Reserved.