We have a customer who is migrating their internet connectivity to a new speed and provider. WAN2 has the legacy internet connection and WAN1 has the new internet connection.
I am attempting to migrate VIP and rules to the new connection. Although I have created a new VIP and rule to map RDP to port 52002, it does not work on the new connection, even though it works on the old connection and IP. I have ensured the new IP is correct and that the internal IPs are also correct.
Another server on port 52000 works as expected so I am at a loss to explain this.
The CLI command diag debug flow is your friend, but it sounds like a routing issue and failures with the uRPF lookup. I bet the old default route is pointed through WAN1; if the VIP is attached to WAN2 and you have an RPF lookup failure, the firewall will drop the packet due to RPF checks.
If you want to confirm, place a /32 host route through WAN2 to your tester's source IPv4 address.
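As an added example (not the poster's configuration or the answerer's commands), here is what the two steps in the answer look like on the FortiGate CLI: a filtered debug-flow trace for the test client, followed by the /32 confirmation route. The tester address 203.0.113.10, the WAN2 next-hop 192.0.2.1 and the interface name "wan2" are all assumed placeholder values; substitute the real ones.

```fortios
# Step 1: trace the forwarding decision for traffic from the test client
# to the VIP port. 203.0.113.10 is a constructed example address; replace
# it with the tester's real public IPv4 address.
diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 203.0.113.10
diagnose debug flow filter port 52002
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 100
diagnose debug enable
# ... attempt the RDP connection to the WAN2 VIP from the tester, then stop:
diagnose debug disable
diagnose debug reset

# A packet dropped by the reverse-path check appears in the trace with a
# message along these lines (illustrative wording, not output captured from
# the poster's firewall):
#   msg="reverse path check fail, drop"

# Step 2: the confirmation test from the answer. A /32 host route to the
# tester's source address out WAN2 gives the RPF lookup a matching route on
# the interface the packet arrived on. 192.0.2.1 is a constructed example
# next-hop; use the WAN2 provider's gateway.
config router static
    edit 0
        set dst 203.0.113.10 255.255.255.255
        set gateway 192.0.2.1
        set device "wan2"
    next
end

# Verify the firewall now resolves the tester's address via WAN2:
get router info routing-table details 203.0.113.10
```

If the connection succeeds only after the /32 route is present, the diagnosis in the answer is confirmed: return traffic for WAN2 sources was resolving to WAN1, so the RPF check dropped the inbound packets. The host route is a test aid, not a fix; the routing for WAN2 sources still needs to be addressed properly once the cause is confirmed.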