bigbaddiesel
New Contributor

VirtualServer Traffic Dropped

I apologize if this has been covered before, but I couldn't come up with it in the searches I tried. 

 

I have a FortiGate 60E set up as such:

 

VirtualServer 10.200.1.1
- 10.1.1.130
- 10.1.1.131
- 10.1.1.132
- 10.1.1.133

 

When any of the machines in the VServer group make a request against the VServer, if they happen to get DNatted to their own IP, the traffic is dropped. Here is the relevant capture snippet:

 

2017-10-22 14:20:17 id=20085 trace_id=615 func=print_pkt_detail line=5319 msg="vd-root received a packet(proto=6, 10.1.1.130:35704->10.100.1.1:80) from internal. flag, seq 3767787518, ack 0, win 29200", seq 3767797518, ack 0, w
2017-10-22 14:20:17 id=20085 trace_id=615 func=init_ip_session_common line=5475 msg="allocate a new session-02f75ea4"
2017-10-22 14:20:17 id=20085 trace_id=615 func=fw_pre_route_handler line=182 msg="VIP-10.1.1.130:3000, outdev-unkown"
2017-10-22 14:20:17 id=20085 trace_id=615 func=__ip_session_run_tuple line=3140 msg="DNAT 10.100.1.1:80->10.1.1.130:3000"
2017-10-22 14:20:17 id=20085 trace_id=615 func=vf_ip_route_input_common line=2578 msg="find a route: flag=04000000 gw-10.1.1.130 via internal"
2017-10-22 14:20:17 id=20085 trace_id=615 func=ip_session_core_in line=5839 msg="same src/dst address 10.1.1.130, drop"

 

I've tried creating a policy to allow traffic from 10.1.1.130 to itself, but it still seems to get implicitly dropped. Has anyone else run into this issue? Thanks in advance!
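
An added example, not part of the original post: a small Python parser that groups debug-flow trace lines like the ones quoted above by trace_id and reports the flows that were dropped after being DNATed back to the client's own address. The sample input is constructed (trace 615 mirrors the post, trace 616 is invented), and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: trace 615 mirrors the lines quoted in the post; trace 616
# is an invented flow from another pool member that is not dropped.
SAMPLE = '''\
2017-10-22 14:20:17 id=20085 trace_id=615 func=print_pkt_detail line=5319 msg="vd-root received a packet(proto=6, 10.1.1.130:35704->10.100.1.1:80) from internal. flag, seq 3767787518, ack 0, win 29200"
2017-10-22 14:20:17 id=20085 trace_id=615 func=__ip_session_run_tuple line=3140 msg="DNAT 10.100.1.1:80->10.1.1.130:3000"
2017-10-22 14:20:17 id=20085 trace_id=615 func=ip_session_core_in line=5839 msg="same src/dst address 10.1.1.130, drop"
2017-10-22 14:20:19 id=20085 trace_id=616 func=print_pkt_detail line=5319 msg="vd-root received a packet(proto=6, 10.1.1.131:40112->10.100.1.1:80) from internal. flag, seq 1, ack 0, win 29200"
2017-10-22 14:20:19 id=20085 trace_id=616 func=__ip_session_run_tuple line=3140 msg="DNAT 10.100.1.1:80->10.1.1.130:3000"
'''

LINE = re.compile(r'trace_id=(\d+) func=\w+ line=\d+ msg="(.*?)"')
RECV = re.compile(r'received a packet\(proto=\d+, ([\d.]+):\d+->([\d.]+):(\d+)\)')
DNAT = re.compile(r'DNAT [\d.]+:\d+->([\d.]+):(\d+)')


def group_flows(text):
    """Collect source, virtual server, DNAT target and drop reason per trace_id."""
    flows = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # blank lines or wrapped fragments
        flow, msg = flows[int(m.group(1))], m.group(2)
        if (r := RECV.search(msg)):
            flow["src"] = r.group(1)
            flow["vserver"] = f"{r.group(2)}:{r.group(3)}"
        elif (d := DNAT.search(msg)):
            flow["real"] = f"{d.group(1)}:{d.group(2)}"
        elif msg.endswith("drop"):
            flow["drop"] = msg
    return dict(flows)


def self_dnat_drops(text):
    """Return dropped traces whose DNAT target IP equals the client's own IP."""
    hits = []
    for tid, f in sorted(group_flows(text).items()):
        real_ip = f.get("real", "").split(":")[0]
        if "drop" in f and f.get("src") == real_ip:
            hits.append((tid, f["src"], f["vserver"], f["real"], f["drop"]))
    return hits


if __name__ == "__main__":
    for hit in self_dnat_drops(SAMPLE):
        print("trace %d: %s -> %s balanced to itself (%s): %s" % hit)
```

Run over a longer capture, the share of traces it reports should roughly match how often the load balancer picks the requesting member out of the pool.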
