Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BrettJ
New Contributor

Created on ‎02-01-2024 03:50 PM

Virtual IP setup

Hello!

 

I am setting up a service that will live behind the Fortigate Firewall and I have the Virtual IP setup. I have inbound and outbound rules setup that should allow traffic, however when I try to ping or anything else to the virtual IP I don't get any response. Because the Public IP will only be used for the service I don't have NAT setup. This firewall also is only connected to one line out to our ISP who also has us a block of IP addresses. Here is the rule:

Incoming Interface: Virtual Wan Link

Outgoing: Internal Service

Source: All

Destination: VIP

Schedule: Always

Service All

NAT disabled.

 

Other rule:

Incoming Interface: Internal Service

Outgoing: Virtual Wan Link

Source: all

Destination: all

Schedule: always

Service: All

NAT Disabled

 

Is there anything I am missing?

Labels:
922
0 Kudos
1 Solution
hbac
Staff
Staff

Created on ‎02-02-2024 07:10 AM

Hi @BrettJ.,

 

Please refer to this article to collect debug flow to see if the traffic is being dropped or not: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

View solution in original post

878
0 Kudos
2 REPLIES 2
Toshi_Esumi
SuperUser
SuperUser

Created on ‎02-01-2024 03:59 PM Edited on ‎02-01-2024 04:00 PM

Those are policies for two different sessions: incoming sessions and outgoing sessions. The outgoing sessions are like for when you access a web site on the internet from your server's browser. Not for the returning packets for the VIP access from outside. So for that direction you still need NAT/SNAT enabled.

 

Then your VIP config is questionable if you forwarded all ports/protocols to the server and couldn't get ping responses. Please share us the VIP config.
Then you need to run sniffing and flow debugging to troubleshoot.

 

Toshi

914
0 Kudos
hbac
Staff
Staff

Created on ‎02-02-2024 07:10 AM

Hi @BrettJ.,

 

Please refer to this article to collect debug flow to see if the traffic is being dropped or not: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

879
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.