Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
roberto_papa
New Contributor

Created on ‎03-25-2025 07:18 AM

Unable to reach virtual server on a VLAN

Hi,

I've created virtual servers on Fortigate (eg: mail.customer.com, phone.customer.com...) and all works on LAN, but when i connect my pc to a VLAN i can't reach no one of them, so if (for example) i want to connect to my mail server it didn't works.

I'm able to ping mail.customer.com (return public IP).

I've created firewall policy rule but i'm not sure how to create static route and/or policy route.

Can you help me?

Thanks.

Labels:
212
0 Kudos
10 REPLIES 10
adambomb1219
SuperUser
SuperUser

Created on ‎03-25-2025 08:05 AM

Need way more details here.  Does DNS work?  Is there a policy in place?  Is this inbound NAT using a virtual IP?  Something else?

183
0 Kudos
roberto_papa
New Contributor
In response to adambomb1219

Created on ‎03-28-2025 01:23 AM

I've reply with my configuration

52
0 Kudos
dingjerry_FTNT
Staff
Staff

Created on ‎03-25-2025 09:50 AM

Hi @roberto_papa ,

 

Could you please attach the FGT config? 

 

Or at least share the VIP configurations and relevant firewall policies.

Regards,

Jerry
168
roberto_papa
New Contributor
In response to dingjerry_FTNT

Created on ‎03-27-2025 11:45 AM

I've reply with my configuration

102
0 Kudos
Sheikh
Staff
Staff

Created on ‎03-25-2025 09:57 AM

Hello @roberto_papa 

 

With this limited information, it would be difficult to provide or suggest next action plans.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
165
roberto_papa
New Contributor

Created on ‎03-27-2025 11:44 AM

If i ping a virtual server it return me public IP, not local IP (i don't want to forward traffic locally VLAN-LAN).
I've created virtual server for VLAN: 

virtualserver.png

and policy

policy.png

I don't create DNS server for VLAN because i want ping virtual server by public IP, not local IP (if create DNS server for VLAN is the only possible solution, i create it).

Tracert goes out, but it stop on public IP when the packet return.

Maybe it's a static routes problem:

staticroute.png

or policy route problem:

POLICYroute.png

103
0 Kudos
dingjerry_FTNT
Staff
Staff
In response to roberto_papa

Created on ‎03-27-2025 12:15 PM

1) I am not sure why you are not using VIP.  You are using Virtual Server unless you have multiple real servers for load balancing; otherwise, you may use VIP.  Apparently, you don't.

 

Please check this KB for how to configure VIP:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Virtual-IP-VIP-port-forwarding-configurati...

 

2) The static route for the external IP of your Virtual Server is supposed to be linked to "VLAN Ospiti", not "lan".

Regards,

Jerry
84
dingjerry_FTNT
Staff
Staff
In response to dingjerry_FTNT

Created on ‎03-27-2025 12:16 PM

Oh, the policy route is not necessary.

Regards,

Jerry
83
roberto_papa
New Contributor
In response to dingjerry_FTNT

Created on ‎03-28-2025 01:24 AM

I have multiple virtual server that use same source port, so i can't use VIP but virtual server.

49
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.