Hi,
I've currently got a fortigate (5.4.4) that has a Azure VPN connected on the outside interface, a number of subnets running on the inside of the fortigate have access to the servers over the Azure VPN and all is running no problem
I've just got a new request to permit two external IP addresses access to a port on a server at Azure (this has to access via the VPN).
So i need to create a VIP (port forwarding) from a IP on the fortigate outside interface pointing to the server at Azure and send the traffic up the existing Azure VPN (hairpinning).
I tried this last night but could not get it working.
What i tried was....
1. Create the VIP (outside interface IP address port forward to Azure server ip address on TCP port)
2. Create a policy (no natting) outside int -> Azure VPN
3. Create a policy (no natting) Azure VPN -> outside int
4. added the two public IP's requiring access, to the Azure VPN phase2 local subnets
5. added the two public IP's requiring access, to the Azure end setup.
But the Azure VPN dropped and would not come backup until i removed all the config again.
Can you tell me if this setup is possible and if so how?
FYI i have now proven this works in a Lab setup with a VPN to a Cisco router simulating the Azure connection.
However in the actual setup traffic does not not reach the Azure servers (a packet capture on the Fortigate Azure VPN interface) shows traffic correctly hitting the VPN.
It's looking like it may be an Azure issue.
An update which may help someone.
Try resetting the VPN gateway at the Azure end, this solved it for me. It seems when you have an established VPN tunnel to Azure, adding additional IP addresses on the Azure end has no effect but when added on the Fortigate phase 2 it drops the tunnel and it won't come backup. However if the Azure VPN gateway is then reset it comes backup and all is good.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.