Routing for a website
Hello,
I have a problem or maybe lack of knowledge regarding routing in Fortigate. I will describe the problem below.
Info regarding setup/hardware:
- one Fortigate 100D with firmware 5.4.3
- 2 ISP lines with static IP
- no AD
Info regarding problem:
I have a domain hr.mydommain.com that I need to redirect to an internal server that is not on DMZ. I have made a setting on the domain hosting DNS to point to one of my public ISP IPs and it works, as I can ping the domain and it points to my ISP public IP.
What I want to do is:
- point this domain for internal LAN to my private LAN IP (to not go over the Internet)
- redirect all requests for this site from WAN to my internal IP.
The site is accessed through HTTPS, so I made a VIP setting in Policy & Objects / Virtual IP to forward port 443 from the public IP to the local IP of the server.
So far what I get is:
from LAN & WAN I cannot access the site using CNAME
from LAN I can access the site using server name
What am I missing?
Thank you!
PS: as I said, I am not a very skilled admin, so please, if possible, explain as simply as you can.
Welcome to the forums.
There are many aspects to be covered here. Let me ask some questions.
* How does the website resolve from the inside?
* Can you reach the resolved IP address from the inside?
* Is there a policy in place to reach that resolved IP address from the inside?
If you can answer these in order, I believe you'll be able to resolve your issue.
Good luck.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thank you for your reply,
I think that if I can get Fortigate to resolve the website internally, then the problem should be nearly solved.
But the problem is that I do not know how. I do not have an internal DNS server, so I would like to use Fortigate DNS settings to do the resolving. For the moment, for LAN I forward DNS requests to system DNS (FortiGuard DNS): under Network / DNS it is set to "Use Fortiguard Server", and under DNS Servers for the LAN interface I set "Forward to System DNS".
I created a DNS database with the following:
CNAME with server name to domain
A address with IP to server name
But it is not working: when I ping the server name I get the internal IP, and when I ping the domain I get the public IP.
Hello,
I have part of the problem solved by adding a virtual server and a real server on the Fortigate and adding the corresponding setting in Policy.
Now I can access the server by CNAME using the public IP from inside and outside of the organization.
