My fortigate 90D-POE enabled SD Wan setup from different ISP,
the problem is Wan1 can map port 80 & 443 to backend server(A)(DMZ-interface),
while Wan2 port 80 & 443 cannot be map to backend server(B)(LAN-interface),
but if I use 8080 of Wan2, I can successfully map to backend server (B);
Can someone help me, if fortigate only allow inbound traffic to Wan1 port 80/443; Wan2 inbound traffic to port 80/443 is not allowed? I checked both ISP not blocked port 80 & 443
My SD Wan setup:
wan1
wan2
SD Wan Rules:
DMZ(server A) -> Wan1 (server A outbound traffic through Wan1)
LAN(server B) -> Wan2 (server B outbound traffic through Wan2)
Static Routes:
Dest. 0.0.0.0 Gateway 0.0.0.0 Interface SD Wan
Firewall Policy allowed
SD-WAN ->DMZ
DMZ -> SD-WAN
LAN -> SD-WAN
SD-WAN -> LAN (server B, port 80/443)
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It should work. Can you show your VIP configs and FW Policy config?
It seems like there may be an issue with the firewall policy for Wan2 on your FortiGate. By default, the FortiGate should not block incoming traffic on any interface unless you have specifically configured a security policy to block it.
You should verify that you have a security policy in place allowing incoming traffic on port 80 and 443 for server B on the WAN2 interface. You can check this by going to Policy & Objects > Policy > IPv4 and verifying that there is a policy that allows incoming traffic from the source of WAN2 and the destination of the IP address of server B on port 80 and 443.
If the policy is in place, you can check the traffic logs to see if the traffic is being blocked by the firewall. To do this, go to Log & Report > Traffic Log and search for traffic from the source of WAN2 and the destination of the IP address of server B on port 80 and 443.
Otherwise, can you show the VIP setting and the SD-WAN setting?
It should work. Can you show your VIP configs and FW Policy config?
It seems like there may be an issue with the firewall policy for Wan2 on your FortiGate. By default, the FortiGate should not block incoming traffic on any interface unless you have specifically configured a security policy to block it.
You should verify that you have a security policy in place allowing incoming traffic on port 80 and 443 for server B on the WAN2 interface. You can check this by going to Policy & Objects > Policy > IPv4 and verifying that there is a policy that allows incoming traffic from the source of WAN2 and the destination of the IP address of server B on port 80 and 443.
If the policy is in place, you can check the traffic logs to see if the traffic is being blocked by the firewall. To do this, go to Log & Report > Traffic Log and search for traffic from the source of WAN2 and the destination of the IP address of server B on port 80 and 443.
Otherwise, can you show the VIP setting and the SD-WAN setting?
Hi,
Thank you for your replies, here are captured pictures of my fortigate rules setting, actually I'm quite new to fortigate, I don't know how to capture the txt config for you, if this is not enough, please let me know, thank you.
Hello,
I just did it, I think I made a stupid typo error on my policy forwarding for wan2 port 80 --> 20.124.26.240, should be 20.124.25.240; Everything is working fine now. Thank you for everyone's comment and help.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.