I've got a Fortigate 90D (5.4 Build 1011 in interface mode and doing NAT) with two wan connections. One is fibre (wan1) with a small range of public IPs and the other is an ADSL/pppoe backup connection (wan2). I've set up failover between the two wan ports and it works great. Wan2 is configured as a pppoe port with the ADSL router in bridge mode.
On the primary interface (wan1) I have a few public IPs that I forward to various internal servers via VIPs and port forwarding. I want to have a similar setup for when the link fails over to the ADSL connection (which has one dynamic IP).
So I created new VIPs that reference wan2 and I use the public IP that is currently assigned by the service provider.
(no place for a FQDN it seems so it will break once the IP changes but I'll worry about that later).
None of the VIPs work even though I've created a new VIP and assigned a policy to it and the wan2 interface.
I'm new to Fortigate so I would not be surprised if I missed something obvious. Has anyone managed to get VIPs working over a pppoe connection? Any advice on where to look, etc.?
Minutes after posting this thread I had a light bulb moment and found my mistake. It now works.
My mistake was configuring the external IP on the VIP config. The VIP is already bound to wan2, but for some sleepy reason I was thinking I needed to put my dynamic public IP in here. But what that actually does is limit the VIP to only forward traffic received from that IP (which in theory would never happen). At least that is what made sense to me. :)
config firewall vip
    edit "<vip-name>"
        set uuid 4xxxxxxx-2xxx-5xxx-2xxx-1xxxxxxxxxxx
        set comment "Exchange access via backup link"
        set extip 169.x.x.x <------------------------- this should be 0.0.0.0
        set extintf "wan2"
        set portforward enable
        set mappedip "10.x.x.x"
        set extport 443
        set mappedport 443
    next
end
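For reference, here is a complete version of the working setup, including the firewall policy that has to reference the VIP on wan2; this is an added example, not the original poster's configuration. The VIP name, the policy name, the mapped address 10.0.0.10, the internal interface name "internal" and the service "HTTPS" are assumed; only the extip/extintf/port values come from the post above.

```fortios
config firewall vip
    edit "exchange-backup-443"
        set comment "Exchange access via backup link (extip 0.0.0.0 = use the wan2 PPPoE address)"
        set extintf "wan2"
        set extip 0.0.0.0
        set portforward enable
        set extport 443
        set mappedip "10.0.0.10"
        set mappedport 443
    next
end
config firewall policy
    edit 0
        set name "inbound-exchange-backup"
        set srcintf "wan2"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "exchange-backup-443"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

With extip left at 0.0.0.0 the VIP matches whatever address PPPoE currently assigns to wan2, so it keeps working after the provider changes the IP; the policy only permits TCP/443 to the VIP object and logs the sessions, so a broader "ALL" service is never exposed on the backup link.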