I have configured Virtual IP address from my website with port forwarding"
Interface: WAN1
Static NAT type
Local IP: 192.168.1.54
Public IP: XX.XXX.XXX.XX
Port Forwarding External 80 Map to IPv4 Port 84
The Policy for this Virtual IP:-
Incoming Interface: WAN1
Outgoing Interface: internal
Source: WAN2_int (Subnet 0.0.0.0/0 Interface:wan2)
Destiantion: Virtual IP (above)
Service: All_TCP
NAT: enabled
IP Pool configuration: Use Outgoing Interface Address
I cannot resolve the domain name to browse the website, nor can I browse the website with a Public IP address. All my hosting services for website and exchange emails didn't work.
Am I missing some routing policies or some Internat to WAN policies?
Totally lost
Hi Amak
Can you try giving the service as ALL in the policy, and also clarify the line in the policy you defined [Source: WAN2_int (Subnet 0.0.0.0/0 Interface:wan2)].
Also verify are you able to access internally on port 84 or not
Thanks
WAN2_int is an Address to use the WAN2 interface only.
config firewall address
edit "WAN2_int"
set associated-interface "wan2"
next
end
Hi @AMAK
To have better visibility on how the traffic is handled can you, please, perform a debug of the traffic flow?
diagnose debug reset
diagnose debug flow filter addr x.x.x.x <----- where x.x.x.x is the source of the traffic.
diagnose debug flow trace start 100
diagnose debug enable
Is routing properly configured, are you able to reach 192.168.1.54 from the FortiGate?
Firewall60F # diag debug flow trace start 50
Firewall60F # diag debug enable
Firewall60F # id=65308 trace_id=1 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 192.168.1.25:52645->XX.XXX.XXX.XX:80) tun_id=0.0.0.0 from internal. flag [S], seq 368941642, ack 0, win 64240"
id=65308 trace_id=1 func=init_ip_session_common line=6049 msg="allocate a new session-000301a2, tun_id=0.0.0.0"
id=65308 trace_id=1 func=get_new_addr line=1228 msg="find DNAT: IP-192.168.1.54, port-84"
id=65308 trace_id=1 func=fw_pre_route_handler line=176 msg="VIP-192.168.1.54:84, outdev-unknown"
id=65308 trace_id=1 func=__ip_session_run_tuple line=3498 msg="DNAT XX.XXX.XXX.XX:80->192.168.1.54:84"
id=65308 trace_id=1 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-192.168.1.54 via internal"
id=65308 trace_id=1 func=__iprope_tree_check line=524 msg="gnum-100004, use int hash, slot=79, len=2"
id=65308 trace_id=1 func=fw_forward_handler line=757 msg="Denied by forward policy check (policy 0)"
id=65308 trace_id=2 func=print_pkt_detail line=5868 msg="vd-root:0 received a packet(proto=6, 192.168.1.25:52646->XX.XXX.XXX.XX:80) tun_id
=0.0.0.0 from internal. flag [S], seq 3094431630, ack 0, win 64240"
Hi, the output shows that the traffic is dropped because there is no policy to allow it.
As per your first comment the traffic is expected to come from WAN but in the provided output it comes from "internal". Please check if the policy is correctly configured.
Any solution to this?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.