Hi,
I have a pair of FortiGate 80F running in HA mode, 2 subnets (“Server Subnet” and “Client Subnet”), and 2 WAN links. WAN1 is connected to a dynamic IP internet connection and WAN2 is connected to a static IP line (1 IP only).
“Client Subnet” will exit through WAN1, while “Server Subnet” will exit through WAN2. I’ve configured 2 default routes, both 0.0.0.0/0, to each of the WAN links, with the same distance and priority.
I’ve created 4 policy routes:
“Server Subnet” to go to “0.0.0.0/0” will go via WAN2,
“Client Subnet” to go to “0.0.0.0/0” will go via WAN1,
“Server Subnet” to go to “Client Subnet” will go via “Client Subnet” Interface,
“Client Subnet” to go to “Server Subnet” will go via “Server Subnet” Interface.
Based on checking at the whatismyip.com web site, computers from the Client subnet are showing the WAN1 IP and servers from the Server subnet are showing the WAN2 IP, which is what I wanted.
Web management (HTTP / HTTPS) on WAN1 and WAN2 is not enabled.
I have 1 web server that needs to be accessed externally. I created a VIP, mapped from WAN2, 0.0.0.0, to the server IP, 192.168.2.4, set to forward port 80. I created a firewall policy to allow ALL traffic from WAN2 (any) to the webserver-VIP, NAT disabled.
However, the web server cannot be accessed externally. I can see there are “hits” on the VIP status page, but there is no traffic being logged on the Policy page.
Any idea what I missed?
Thanks.
Is it possible that the RPF check is pointing to WAN1 interface instead of WAN2 and dropping the packet?
Do you have 2 default routes configured via WAN1 and WAN2?
Can you check if "set strict-src-check enable" is configured? If so, disable it and test.
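
A simplified model of the reverse-path (RPF) check raised in the reply, added here as an illustration; it is not part of the thread and not Fortinet's code. It assumes the check consults only the routing table (not policy routes), that only the lowest-distance routes per prefix are active, and that strict mode accepts only the best route; the route values and the 203.0.113.50 client address are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str     # destination network, e.g. "0.0.0.0/0"
    iface: str      # egress interface
    distance: int   # administrative distance: lowest per prefix is installed
    priority: int   # tie-break among installed routes: lowest is preferred

def active_routes(routes):
    """Assumption: per prefix, only lowest-distance routes enter the routing table."""
    lowest = {}
    for r in routes:
        lowest[r.prefix] = min(lowest.get(r.prefix, r.distance), r.distance)
    return [r for r in routes if r.distance == lowest[r.prefix]]

def rpf_check(routes, src_ip, in_iface, strict=False):
    """True if a packet from src_ip arriving on in_iface passes the modeled check.
    Policy routes are deliberately not consulted (assumption of this model)."""
    src = ipaddress.ip_address(src_ip)
    matches = [(ipaddress.ip_network(r.prefix).prefixlen, r)
               for r in active_routes(routes)
               if src in ipaddress.ip_network(r.prefix)]
    if strict and matches:
        # Strict: only the best route counts (longest prefix, then lowest priority).
        best = max(matches, key=lambda m: (m[0], -m[1].priority))
        matches = [m for m in matches
                   if (m[0], m[1].priority) == (best[0], best[1].priority)]
    # Loose (feasible path): any remaining route back to the source via in_iface passes.
    return any(r.iface == in_iface for _, r in matches)

# Constructed sample data: 203.0.113.50 stands in for an external client of the VIP.
CLIENT = "203.0.113.50"
AS_POSTED = [Route("0.0.0.0/0", "wan1", 10, 1), Route("0.0.0.0/0", "wan2", 10, 1)]
WAN2_WORSE_DISTANCE = [Route("0.0.0.0/0", "wan1", 10, 1), Route("0.0.0.0/0", "wan2", 20, 1)]
WAN2_WORSE_PRIORITY = [Route("0.0.0.0/0", "wan1", 10, 1), Route("0.0.0.0/0", "wan2", 10, 5)]

if __name__ == "__main__":
    tables = {"as posted": AS_POSTED, "wan2 worse distance": WAN2_WORSE_DISTANCE,
              "wan2 worse priority": WAN2_WORSE_PRIORITY}
    for name, table in tables.items():
        for strict in (False, True):
            ok = rpf_check(table, CLIENT, "wan2", strict)
            print(f"{name:20} strict={strict!s:5} wan2 inbound: {'pass' if ok else 'DROP'}")
```

In this model the only tables that drop inbound WAN2 traffic are the ones where the WAN2 default route has a worse distance, or a worse priority combined with strict checking, which is what the two questions in the reply are probing.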