My FortiGate 100D is not forwarding traffic between Guestlan and lan.
Guestlan is on a separate LAN.
WAN addresses are 200.200.200.2 255.255.255.240
One webserver is on 200.200.200.3 and traffic is going fine, from the internet as well as from the guest network.
The second webserver is on 200.200.200.2.
From the internet this website is accessible. But when we try to access the website from the guest network it is not accessible. When we look at the log and report we see it is ending up in the Implicit Deny rule.
The guest network is 192.168.1.1 and the external address is 200.200.200.13. We have internet access and everything is working fine.
When I move the webserver from 200.200.200.2 to 200.200.200.4 it is working fine. When I change this back to 200.200.200.2 it stops working. Is this a bug because we use the first address in the range?
https on the webinterface is not enabled.
System settings https port 443 is changed to 8443 for Administration logon.
Please assist
There's more to a hairpin VIP, read here: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD36202
But I agree, @emnoc's got it.
Thanks ede
I was too busy to find that KB link, but yeah that's probably what the OP needs ;)
PCNSE
NSE
StrongSwan
Sorry for the delay. I was out of the office.
I tried everything above. But until now it is not working.
Perhaps I was not clear in the beginning.
Ports 1 to 14 are in use for LAN (192.168.10.0)
LAN is going out with 200.200.200.2
Port 15 is in use for Guestlan (192.168.1.0)
Guest lan is going out with 200.200.200.13 using IP_POOL
Policies are fine. Going from Wan1 to Lan using VIP
VIP interface WAN1 (also tried any)
200.200.200.2 to 192.168.10.2
port 443
Will do some diag to see if I get an error of some kind.
It seems I get to 192.168.10.2 but the way back is not working.
Hello,
Make sure the VIP interface is set to "ANY".
Then you need to have in place a policy with:
- source interface: "Guestlan" (port15)
- destination interface: "lan" (all ports mentioned in your previous comment)
- destination: the VIP you already have (HTTPS-)
Changed the settings as described in the KB; it is working now.
Thank you for all your input.
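The settings suggested in the reply above (VIP bound to interface "any", plus a Guestlan-to-lan policy whose destination is the VIP), written out as an added FortiOS CLI example that is not taken from the thread or from the KB article. The object name `vip-web-443` and the interface names `port15` and `lan` are assumptions based on the addresses and ports quoted in the thread.

```fortios
# Added example, not from the original thread. Names are assumptions.
# VIP: 200.200.200.2:443 -> 192.168.10.2:443, bound to "any" so that it
# also matches traffic arriving on the guest interface (hairpin),
# not only traffic arriving on wan1.
config firewall vip
    edit "vip-web-443"
        set extintf "any"
        set extip 200.200.200.2
        set mappedip "192.168.10.2"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# Hairpin policy: guest clients may reach only the VIP, and only over HTTPS.
# Without a policy from port15 to lan with the VIP as destination, the
# session falls through to the implicit deny rule seen in the logs.
config firewall policy
    # "edit 0" lets FortiOS assign the next free policy id
    edit 0
        set srcintf "port15"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "vip-web-443"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

Keeping the destination limited to the VIP object and the service to HTTPS means the guest network gains access to the published web server only, not to the rest of 192.168.10.0.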