Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ionel_botofan
New Contributor

Routing for a website

Hello,

I have a problem or maybe lack of knowledge regarding routing in Fortigate. I will describe bellow the problem.

Info regarding setup/hardware:

- one fortigate 100D with firmware 5.4.3

- 2 ISP lines with static IP

- no AD

Info regarding problem:

I have a domain hr.mydommain.com that i need to redirect to an internal server that is not on DMZ. I have made setting on the domain hosting dns to point to one of my public ISP Ip and it works, as i can ping the domain and it points to my ISP public IP.

What i want to do is:

- point this domain for internal LAN to my private LAN IP ( to not go over the Internet)

- redirect all request for this site from WAN to my internal IP.

The site is accessed trough Https, so i made VIP setting in policy&objects/ virtual ip to forward 443 port from public ip to local ip of the server.

So far what i get is:

from lan&wan cannot access the site using CNAME

from lan i can access the site using server name

What do i miss?

Thank you!

 

PS: as i said, i am not a very skilled admin so, please, if possible, explain as simple as you can.

 

3 REPLIES 3
rwpatterson
Valued Contributor III

Welcome to the forums.

 

There are many aspects to be covered here. Let me ask some questions.

* How does the website resolve from the inside?

* Can you reach the resolved IP address from the inside?

* Is there a policy in place to reach that resolved IP address from the inside?

 

If you can answer these in order, I believe you'll be able to resolve your issue.

 

Good luck.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
ionel_botofan

Thank you for you reply,

I think that if I can get fortigate to resolve the website internally, then the problem should be nearly solved.

But the problem is that I do not know how. I do not have an internal DNS server so I would like to use Fortigate DNS settings to do the resolving. For the moment for LAN I forward DNS request to system DNS (FortiGuard DNS) under network/ dns set to "Use Fortiguard Server" and under DNS Servers for LAN interface I set "Forward to System DNS".

I created a DNS database with the following:

cname with server name to domain

a address witn ip to server name

But it is not working, when I ping the server name I get the internal ip, when I ping the domain I get the public ip.

 

ionel_botofan

Hello,

I have part of the problem solved by adding a virtual server and a real server on the Fortigate and added corresponding setting in Policy.

Now I can access the server by cname using public ip from inside and outside of the organization.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors