Virtual wire pair before wan interface blocks firewall traffic, proxy traffic works fine
I have a working FortiGate v7.2.2 with:
wan1 = Internet
interface 5 = proxy clients
interface 6 = connection from lan on port 6 to internet wan1 through an allow all policy
Everything works great.
Now I created a virtual wire pair (port 3 & 4), put an "allow all policy" on it, and enabled IPS with a default_pass_all policy. I use this wire pair as a connection between the ISP modem and the wan1 interface, so the flow is now isp -> lan3 ...... lan4>wan1. With this wire pair inserted before the wan1 connection, the web proxy still works, but there is no traffic from the LAN connected to interface 6 to the internet.
So it looks like the virtual wire pair is blocking something. I tried the VLAN Wildcard option both on and off, but both gave the same result. I even removed the IPS inspection on the wire pair, but no luck.
What am I missing? Why does the insertion of the virtual wire pair before wan1 inhibit traffic from the LAN connected to interface 6? I had expected the virtual wire pair to be fully transparent, but apparently it isn't.
I have an IPS policy enabled on the firewall policy; however, in that case port scans etc. on my wan1 internet interface are not detected. With the virtual wire pair I do get a notification of these kinds of attacks.