Hi,

I have a pair of FortiGate 80F, running in HA mode, 2 Subnet (“Server Subnet” and “Client Subnet”), and 2 WAN link, WAN1 is connected to a Dynamic IP internet connection and WAN2 is connected to a Static IP Line (1 IP only)

“Client Subnet” will exit through WAN1, while “Server Subnet” will exit through WAN2, I’ve configured 2 default routes, both 0.0.0.0/0, to each of the WAN link, same distance and priority.

I’ve created 4 policy routes:
“Server Subnet” to go to “0.0.0.0/0” will go via WAN2,
“Client Subnet” to go to “0.0.0.0/0” will go via WAN1,
“Server Subnet” to go to “Client Subnet” will go via “Client Subnet” Interface,
“Client Subnet” to go to “Server Subnet” will go via “Server Subnet” Interface.

Base on checking at whatismyip.com web site, computers from Client subnet is showing WAN1 IP and servers from Server subnet is showing WAN2 IP, which is what I wanted.

web management (HTTP / HTTPS) on WAN1 and WAN2 are not enabled.

I have 1 web server need to be accessed from external, I created a VIP, mapped from WAN2, 0.0.0.0, map to the server IP, 192.168.2.4, set to forward port 80. I created a firewall policy to allow ALL traffic from WAN2 (any) to the webserver-VIP, NAT disabled.

However, the web server cannot be accessed from external. I can see there are “hits” at the VIP status page, there is no traffic being logged at the Policy page.

Any idea what did I missed?

Thanks.