Hiho,
this time I myself actually have a problem:
I set up some VIP:
- gave it a name
- set interface to any
- set type to Static NAT
- set external ip range to the one host on my side I need traffic forwarded from
- set mapped ip to the broadcast ip of the remote subnet on the other side of the ipsec (FGT has a static route to this)
- set the source interface filter to the ipsec tunnel interface that connects the remote subnet
- disabled optional filters
- enabled port forwarding and set it to forward external port 9 UDP to internal 9 UDP
- enabled ARP Reply (set by default)
- did not add it to a group
the goal behind this is that I wanted to be able to send WOL packets from a specific host here on our subnet to the local subnet. Due to this I also enabled broadcast forwarding on all involved interfaces (but not on any WAN interface).
WOL packets are broadcast packets so you cannot route those directly.
We are connected to our shops via IPSec Tunnels with an FGT on both ends.
The problem I ran into was this:
Once the VIP was active on the remote firewall it caused all traffic coming from my specific host to go to nirvana, and that host could not reach anything on the remote side anymore.
I read that somewhere in the Fortinet KB, and it was supposed to only match traffic from this host which goes via port 9 with UDP, but it didn't.
Does anyone have any advice or idea what went wrong?
greets
Sebastian
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
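As an added example (not Sebastian's own configuration), the CLI equivalent of the VIP described in the post, followed by a flow-trace check that shows which packets the VIP actually catches on the remote-side FGT; all addresses and interface names below are constructed placeholders.

```fortios
# Added example, not the poster's config. Constructed placeholders:
#   10.10.10.20     = the one local host that sends the WOL packets
#   192.168.50.0/24 = remote shop subnet behind the tunnel, directed broadcast .255
#   "to-shop"       = the IPsec tunnel interface on the remote-side FGT
#   "internal"      = the LAN interface of the remote shop
config firewall vip
    edit "WOL-VIP"
        set extintf "any"
        # extip is compared with the DESTINATION address of packets arriving on
        # extintf, so the trace below shows which direction of traffic hits the VIP
        set extip 10.10.10.20
        set mappedip "192.168.50.255"
        set srcintf-filter "to-shop"
        set portforward enable
        set protocol udp
        set extport 9
        set mappedport 9
        set arp-reply enable
    next
end

# A directed broadcast only leaves the FGT if the egress interface allows it
config system interface
    edit "internal"
        set broadcast-forward enable
    next
end

# Check: trace everything involving the WOL host while the VIP is active.
# Start the trace, then send one ping and one WOL packet from 10.10.10.20 and
# read which policy/VIP each packet matches and where the reply goes.
diagnose debug flow filter clear
diagnose debug flow filter addr 10.10.10.20
diagnose debug flow show function-name enable
diagnose debug flow trace start 20
diagnose debug enable
# ... generate the traffic, then stop tracing:
diagnose debug disable
diagnose debug flow trace stop
```

Running the same trace with the VIP temporarily disabled gives a before/after comparison of the host's traffic path.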