I am trying to configure a VIP on the FortiGate firewall but could not succeed in this lab. Could you please look at my configuration and tell me what mistake I am making in this lab?
Step 1. I want to access the web server using telnet and ssh service from the outside world.
Step 2. I have mapped the external IP and web server IP in the VIP option.
Step 3. I created a policy such as:
incoming interface - WAN
outgoing interface - DMZ
source address - all
destination address- web server ( virtual IP )
service - all
Then I applied this policy, and after applying it I am unable to access the web server from the outside.
Please find the screenshot, which will be better for understanding what I am doing in this lab.
In order to understand how the FortiGate handles the traffic, please run debug flow and packet sniffer as below:
Once done, attach the outputs to the thread.
- your diagram shows WAN interface as 192.168.99.2, and external IP of VIP as 192.168.99.4
- your VIP configuration shows external IP as 192.168.99.2
Can you verify that you have the correct IPs set for interface and VIP?
-> with the VIP configured as it is (no specific port filters), it needs to have a different external IP than the interface
If this is not a simple error in external IP/interface IP, Ahmed has provided excellent debug commands to get started figuring out what's happening :)
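
The mismatch pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it parses a FortiOS-style configuration and flags any VIP without port forwarding whose external IP is also an interface address. The configuration text is constructed; the interface name `wan1` and mapped IP `10.0.0.10` are assumptions, and only the two 192.168.99.x addresses come from the thread.

```python
import ipaddress
import shlex

# Constructed FortiOS-style snippet; "wan1" and mappedip 10.0.0.10 are assumptions.
TEMPLATE = """
config system interface
    edit "wan1"
        set ip 192.168.99.2 255.255.255.0
    next
end
config firewall vip
    edit "webserver"
        set extip {extip}
        set extintf "wan1"
        set mappedip "10.0.0.10"
    next
end
"""

def parse_sections(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks."""
    sections, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]  # blank lines match no keyword below
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section = " ".join(tok[1:])
                sections.setdefault(section, {})
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = sections[section].setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return sections

def vip_conflicts(text):
    """List (vip, interface, ip) where a VIP without port forwarding claims an interface IP."""
    cfg, findings = parse_sections(text), []
    for vip, v in cfg.get("firewall vip", {}).items():
        if "extip" not in v or v.get("portforward") == ["enable"]:
            continue
        lo, _, hi = v["extip"][0].partition("-")  # extip may be a single IP or a range
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo)
        for ifname, i in cfg.get("system interface", {}).items():
            if "ip" in i and lo <= ipaddress.ip_address(i["ip"][0]) <= hi:
                findings.append((vip, ifname, i["ip"][0]))
    return findings
```

Calling `vip_conflicts(TEMPLATE.format(extip="192.168.99.2"))` reports the VIP as configured in the thread, while `extip="192.168.99.4"`, the address shown in the diagram, returns no findings.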