Hiho,
this time I myself actually have a problem:
I set up some VIP:
- gave it a name
- set interface to any
- set type to Static NAT
- set external ip range to the one host on my side I need traffic forwarded from
- set mapped ip to the broadcast ip of the remote subnet on the other side of the ipsec (FGT has a static route to this)
- set the source interface filter to the ipsec tunnel interface that connects the remote subnet
- disabled optional filters
- enabled port forwarding and set it to forward eternel port 9 UDP to internal 9 UDP
- enabled RP Reply (set by default)
- did not add it to a group
the goal behind this is that I wanted to be able to send WOL packets from a specific host here on our subnet to the local subnet. Due to this I also enabled broadcast forwarding on all involved interfaces (but not on any WAN interface).
WOL packets are broadcast packets so you cannot route those directly.
We are connected to our shops via IPSec Tunnels with an FGT on both ends.
The problem I ran into was this:
Once the vip was active on the remote firewall it caused all traffic coming from my specific host to go to nirvana and that host could not reach anything on remote side anymore.
I read that somwhere in FortiNet KB and it was supposed to only match traffic from this host which goes via Port 9 with UDP but it didn't.
Does anyone have any advice or idea what went wrong?
greets
Sebastian
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.