Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lokewing
New Contributor

Unable access local server through Public IP after configured policy route

Hi All,

 

I recently subscribed to a new ISP for a second WAN line. Below is my config related to the two WAN lines and my routing rules. All machines under VLAN12 are able to access the Internet and my local server without any issues, but I cannot access my local server through the public IP after I added the policy route (font colour blue) to force my VLAN12 network to a specific WAN line (port8). The VLAN12 network has been successfully forced to route via the port8 WAN line.

 

Anyone got an idea for this?

 

config router policy
    edit 8
        set input-device "vlan12"
        set src "172.16.12.0/24"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "port8"
    next
end

 

config firewall vip
    edit "EXCHANGESVR"
        set extip 202.xxx.xxx.xxx
        set extintf "port8"
        set mappedip "172.16.12.10"
    next
end

config firewall policy
    edit 81
        set srcintf "port8"
        set dstintf "vlan12"
        set srcaddr "all"
        set dstaddr "EXCHANGESVR"
        set action accept
        set schedule "always"
        set service "SMTP" "SMTPS" "HTTPS" "HTTP" "ALL_ICMP" "ALL_ICMP6"
        set utm-status enable
        set av-profile "exchangeAD"
        set spamfilter-profile "ExchangeEmail"
        set ips-sensor "exchangeSMTPIPS"
        set profile-protocol-options "ServerProxy"
        set ssl-ssh-profile "default"
    next
    edit 84
        set srcintf "vlan12"
        set dstintf "port8" "Maxis"
        set srcaddr "vlan12_network"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end

config system interface
    edit "port8"
        set vdom "root"
        set ip 202.xxx.xxx.xxx 255.255.255.252
        set allowaccess ping https
        set type physical
        set spillover-threshold 50
        set weight 50
        set snmp-index 13
    next
    edit "Maxis"
        set vdom "root"
        set mode pppoe
        set distance 10
        set allowaccess ping https
        set fail-detect enable
        set fail-detect-option detectserver
        set spillover-threshold 50
        set weight 50
        set snmp-index 4
        set username "xxxxxxxxxxxxxxxxx"
        set password ENC xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        set interface "wan2"
        set vlanid 621
    next
end

config router static
    edit 5
        set gateway 202.xxx.xxx.xxx
        set device "port8"
    next
end

2 REPLIES
MikePruett
Valued Contributor

Your policy route is nuking the return traffic, and your outside users aren't able to access it because they are discarding the traffic since it isn't returning from the proposed source?

 

That would be my first test.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Jzhang_FTNT

FGT won't evaluate policy route for reply traffic. May I know via which interface you're trying to access the VIP?
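To make the two replies above concrete, here is an added Python model of how a FortiGate with the poster's configuration picks an egress interface. It is a teaching model written for this page, not FortiOS code and not from anyone in the thread. It mirrors three behaviours: the VIP translates the destination before any route lookup (and only for packets entering on its extintf), a new session is matched against policy routes before the static table, and a reply for an existing session leaves through the interface the session arrived on without consulting policy routes. The masked addresses from the post are replaced with documentation-range placeholders (203.0.113.10 for the port8/VIP address, 198.51.100.25 for an Internet client, 192.0.2.50 for an Internet destination); source NAT, firewall-policy matching and ECMP between the two equal-distance default routes are deliberately left out.

```python
"""Constructed model of FortiGate egress selection (not FortiOS code)."""
import ipaddress
from dataclasses import dataclass

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class PolicyRoute:
    seq: int
    input_device: str
    src: Net
    dst: Net
    output_device: str


@dataclass(frozen=True)
class StaticRoute:
    dst: Net
    device: str
    distance: int = 10  # FortiOS default administrative distance


@dataclass(frozen=True)
class Vip:
    extip: str
    extintf: str
    mappedip: str


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src: str
    dst: str
    sport: int
    dport: int


# Configuration mirroring the thread; public addresses are placeholders.
POLICY_ROUTES = [PolicyRoute(8, "vlan12", Net("172.16.12.0/24"), Net("0.0.0.0/0"), "port8")]
STATIC_ROUTES = [
    StaticRoute(Net("172.16.12.0/24"), "vlan12", 0),  # connected route for VLAN12
    StaticRoute(Net("0.0.0.0/0"), "port8"),           # "config router static / edit 5"
    StaticRoute(Net("0.0.0.0/0"), "Maxis"),           # PPPoE default route, distance 10
]
VIPS = [Vip("203.0.113.10", "port8", "172.16.12.10")]  # EXCHANGESVR with placeholder extip


def apply_dnat(pkt: Packet) -> Packet:
    """VIP DNAT applies only to packets entering on the VIP's extintf."""
    for vip in VIPS:
        if pkt.in_iface == vip.extintf and pkt.dst == vip.extip:
            return Packet(pkt.in_iface, pkt.src, vip.mappedip, pkt.sport, pkt.dport)
    return pkt


def lookup_policy_route(pkt: Packet):
    """First policy route (lowest seq) whose input device, src and dst all match."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for pr in sorted(POLICY_ROUTES, key=lambda p: p.seq):
        if pr.input_device == pkt.in_iface and src in pr.src and dst in pr.dst:
            return pr
    return None


def lookup_static_route(pkt: Packet) -> str:
    """Longest prefix wins, then lowest distance, then configuration order."""
    dst = ipaddress.ip_address(pkt.dst)
    candidates = [r for r in STATIC_ROUTES if dst in r.dst]
    return min(candidates, key=lambda r: (-r.dst.prefixlen, r.distance)).device


def forward(pkt: Packet, sessions: dict):
    """Return (egress interface, reason, post-NAT packet) and update the session table.

    sessions maps the post-NAT 4-tuple of a session's first packet to the
    interface that packet arrived on, which is where the reply must leave.
    """
    reverse_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
    if reverse_key in sessions:
        # Reply of an existing session: policy routes are not evaluated.
        return sessions[reverse_key], "session", pkt
    nat = apply_dnat(pkt)
    pr = lookup_policy_route(nat)
    if pr is not None:
        egress, reason = pr.output_device, f"policy-route {pr.seq}"
    else:
        egress, reason = lookup_static_route(nat), "static-route"
    sessions[(nat.src, nat.sport, nat.dst, nat.dport)] = pkt.in_iface
    return egress, reason, nat


def demo():
    """Walk four constructed packets through the model in order."""
    sessions = {}
    client = "198.51.100.25"
    # 1. Internet client reaches the VIP on port8: DNAT to the server, routed to vlan12.
    inbound = forward(Packet("port8", client, "203.0.113.10", 40000, 25), sessions)
    # 2. Server answers: existing session, so it goes back out port8 regardless of policy route 8.
    reply = forward(Packet("vlan12", "172.16.12.10", client, 25, 40000), sessions)
    # 3. VLAN12 host opens a new session to the Internet: policy route 8 forces port8.
    outbound = forward(Packet("vlan12", "172.16.12.20", "192.0.2.50", 50000, 443), sessions)
    # 4. VLAN12 host addresses the public IP: no DNAT (it did not enter on port8), so
    #    the packet is policy-routed out port8 instead of reaching the server.
    hairpin = forward(Packet("vlan12", "172.16.12.20", "203.0.113.10", 50001, 443), sessions)
    return inbound, reply, outbound, hairpin


if __name__ == "__main__":
    for label, (egress, reason, nat) in zip(("inbound", "reply", "outbound", "hairpin"), demo()):
        print(f"{label:9s} -> {egress:7s} via {reason:15s} (dst after NAT: {nat.dst})")
```

Cases 1 and 2 are the point of the second reply: the server's answer to an outside client follows the session back to port8, so policy route 8 does not touch it. Case 4 shows why the reply asks which interface the client is on: in this model a VLAN12 host aiming at the public address never matches the VIP (its extintf is port8) and is steered out port8 by the catch-all policy route, a different path from case 1 even though both target the same IP.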
