My office recently had to switch to a wireless modem with a single public IP address. I never configured the old modem, so I'm fairly inexperienced with Fortinet's systems.
The router we're using is a FortiWifi 50B, running FortiOS 3.0. The firmware version is FortiWiFi-50B 3.00-b0668(MR6 Patch 2). Yes, it's old.
The router connects our private office network to the internet. On our network is an Exchange server to handle our email. The email is handled by several VIP rules which route the traffic to different ports on the Exchange server.
For whatever reason, outbound email works, but I'm monitoring the VIPs and no traffic is hitting them.
I'm pretty sure it's an IP issue within the VIP configuration. Currently for the external IP I have it set to the public IP address given by the modem. I have also tried the internal IP address of the modem from which the router gets its connection.
I only have one IP to give to the VIPs, and in the past I think there was a separate static IP that handled the emails. Is using only one IP for both the network and the VIPs causing a conflict?
EDIT: I got it to work. It turns out that it was a port forwarding issue. Our modem didn't allow traffic through the ports the VIPs needed by default. I also had to change the IPs that the VIPs were looking for to be the IP of the modem.
Uhm quick question... did you change the MX/A/PTR Records for your mailserver?
Is the public IP on the FortiGate itself or on the ISP router?
@gschmitt: I changed those records to point to our new public IP address.
@Aliakber_kuwait: The public IP is coming from the modem, I believe. The Fortinet router is connected to the modem on WAN1 in DHCP mode. So perhaps I need to set the VIPs to handle traffic from the modem IP?
G3n0c1de wrote:
> @Aliakber_kuwait: The public IP is coming from the modem, I believe. The fortinet router is connected to the modem on WAN1 in DHCP mode. So perhaps I need to set the VIP's to handle traffic from the modem IP?

You marked your question as solved but from the replies it doesn't look like it is.
It depends on your modem: if you can set the modem to "passthrough" or "DMZ" mode (without NAT), you don't need to change your VIP object.
I edited the main post with how I solved it.
And I wanted to get IP passthrough working, but for whatever reason it couldn't work.
What I usually do is this: if you have the public IP on your modem/router, set the default DMZ server address to your firewall's WAN interface, so that all traffic for that public IP will reach the Fortinet firewall. Then you can make the VIP and policy with the FortiGate WAN IP (not the public IP).
Find attached snaps
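
The fix discussed in this thread, sketched as FortiOS CLI configuration: behind a NATing modem the VIP's external IP must be the address the FortiGate holds on WAN1, not the public IP. This is an added example, not configuration posted by anyone in the thread. All addresses, the VIP name and the policy ID are constructed placeholders, and the syntax follows the general FortiOS CLI, so check it against the FortiOS 3.0 CLI reference before use.

```fortios
# Added example. Lines starting with '#' are annotations for the reader.
# Constructed addresses (assumptions, not from the thread):
#   203.0.113.10  public IP held by the modem
#   192.168.1.2   FortiGate wan1 address handed out by the modem (DHCP)
#   10.0.0.10     Exchange server on the internal network

# Before: extip is the public IP. The modem has already rewritten the
# destination to 192.168.1.2 by the time the packet reaches wan1, so this
# VIP never matches and its traffic counters stay at zero.
config firewall vip
    edit "exch-smtp"
        set extintf "wan1"
        set extip 203.0.113.10
        set portforward enable
        set protocol tcp
        set extport 25
        set mappedip 10.0.0.10
        set mappedport 25
    next
end

# After: extip is the address the FortiGate actually owns on wan1.
config firewall vip
    edit "exch-smtp"
        set extip 192.168.1.2
    next
end

# Policy admitting only SMTP to the VIP. Even if the modem forwards every
# port (DMZ mode), only the mail port is passed on to the Exchange server.
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "exch-smtp"
        set action accept
        set schedule "always"
        set service "SMTP"
    next
end
```

Because WAN1 is in DHCP mode, reserve its address on the modem so the VIP's external IP stays valid across lease renewals. On the modem side, forwarding only the ports the VIPs use exposes less than a blanket DMZ setting.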