Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: VIP using Static IP from WAN1, but shift Outgo...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VIP using Static IP from WAN1, but shift Outgoing Traffic to WAN2? (SD-WAN / VIP)
Hello,
I recently installed a second WAN on my FortiGate 40F. I've been facing an issue I'm not able to resolve and looking for some help. I am a beginner though, so I'll try my best to explain my goal clearly and current
Goal:
- My wan1 has a bunch of static IPs, while wan2 doesn't have any.
- I would like to access my file server via a static IP from wan1 from the internet (only wan1 has static IPs)
- I would like the application to only upload traffic via wan2 because it is 25x faster.
So, it should listen on wan1, but actually use wan2 only for data transmission.
Current Setup:
- Configured SD-WAN and added both members. WAN2 has a higher priority, and in general it is being used most of the time, which is good for me. - working fine
- Created VIP for my server (external 37.37.37.37, internal 192.168.5.111) - working fine
My Policies:
- SD-WAN to LAN (source all, destination VIP)
- LAN to SD-WAN (source all, destination all)
FOUND SOLUTION - Thank you everyone!:
Possible solution was to create DDNS and necessary firewall policies with that for dynamic/non-static IP.
- In my case: I got 1 static IP as well from my WAN2 ISP. My ISP router was giving me a local address & I can't configure it manually; it has to be DHCP.
- Solved by creating a DMZ for the Fortigate on the ISP router. Then, creating firewall policies & VIPs using the Fortigate IP address ON THE ISP ROUTER (192.168.118.4 in my case).
Thanks again everyone! A very pleasurable experience here, my first time on the forum!
Solved! Go to Solution.
FortiGate
FortiGate
Labels:
- Labels:
-
Firewall policy
-
FortiGate
-
SD-WAN
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings!
In this case create a port forwarding on ISP router, https://www.hellotech.com/guide/for/how-to-port-forward
ISP router should translate the traffic from public IP to private IP of FortiGate.
Thank You!
Dhruvin Patel
- « Previous
-
- 1
- 2
- Next »
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, the public IP is getting resolved correctly. The DDNS is getting the correct IP.
When I sniff for packets "diagnose sniffer packet", nothing is hitting the firewall... but all other static IPs and ports from wan1 are getting traffic.. Not sure why this is happening..
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings!
In this case create a port forwarding on ISP router, https://www.hellotech.com/guide/for/how-to-port-forward
ISP router should translate the traffic from public IP to private IP of FortiGate.
Thank You!
Dhruvin Patel
Created on 08-25-2024 07:11 AM Edited on 08-25-2024 09:24 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much!
After enabling Port Forwarding (I set up a Virtual Server and opened all ports one by one), I am now finally able to receive traffic.
I actually set it up as a DMZ to get all ports open to the Fortigate.
Now its another issue I'm encountering at the moment:
- VPN server say its listening at 192.168.10.10:7777 on wan2 for example. I am able to connect it to by going to 37.37.37.37:7777 now.
- I can connect to the VPN, but I am not able to RECEIVE any data; but it is successfully sending data to through the VPN.
- Should I be adding any specific firewall policy? For my policies, should I be treating it as 192.168.118.4 (which is the fortigate IP on the ISP router?) .. or should I add the static IP? i don't believe adding the static IP is working
SOLVED: Added VIP for 192.168.118.4 instead of the public IP.. everything is working now.
Thank you everyone!
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Output traffic with default route BGP 661 Views
- incoming IPSec VPN traffic only works... 282 Views
- IPSEC VPN Traffic ping not working 431 Views
- FortiGate VPN IPSec Tx Error 434 Views
- How to Modify convergence times in... 155 Views
Labels
-
FortiGate
8,497 -
FortiClient
1,721 -
5.2
801 -
FortiManager
715 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
309 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
223 -
FortiWeb
200 -
5.0
196 -
IPsec
187 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.