Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JFGauth
New Contributor

Created on ‎01-14-2025 02:51 PM

Web redirect

Hello everyone,

 

We have a DNS record that currently points to one of our Public IP Addresses.
With a VIP, the traffic is sent to our Big IP F5 where an irule is defined to redirect the traffic to an external public website (https). 

 

I would like to do the same but directly from the Fortigate and not use the our F5.

Can this be done ?
Thanks

 

Labels:
379
0 Kudos
10 REPLIES 10
AEK
SuperUser
SuperUser

Created on ‎01-15-2025 12:14 AM

Hi JF

You should be able to do it with a VIP and a firewall rule.

Add a VIP to map the virtual IP to the real IP (on the required TCP port, like 443 and/or 80), then add firewall rule that allow traffic from ALL (as source) to the VIP (as destination).

 
AEK
AEK
308
0 Kudos
JFGauth
New Contributor

Created on ‎01-15-2025 06:49 AM

Hello AEK

I tried that and it doesn't work.

288
0 Kudos
AEK
SuperUser
SuperUser
In response to JFGauth

Created on ‎01-15-2025 06:51 AM

Can you share the configuration? (you can hide the public IP addresses)

AEK
AEK
285
0 Kudos
JFGauth
New Contributor
In response to AEK

Created on ‎01-15-2025 06:53 AM

I took it out already since it didn't work :)

Thing is, the F5 rule is also presenting a certificate on the redirect (wildcard) and this can't be done with a VIP... So I also tried with a Virtual Server... but no luck there either.

283
0 Kudos
AEK
SuperUser
SuperUser
In response to JFGauth

Created on ‎01-15-2025 07:04 AM

That's right, you can present a certificate using VS. But we may help further if you can share the configuration (VS & firewall rule).

AEK
AEK
275
0 Kudos
JFGauth
New Contributor
In response to AEK

Created on ‎01-15-2025 07:07 AM

I'll redo the config and share it once I'm done
Cheers
JF

272
0 Kudos
JFGauth
New Contributor
In response to AEK

Created on ‎01-15-2025 07:06 AM

This is what I want to do (Visual fix is easier)
Fortinet.png

274
0 Kudos
AEK
SuperUser
SuperUser
In response to JFGauth

Created on ‎01-15-2025 07:44 AM

Now with the diagram I understand better.

Usually VIP is used for incoming traffic, from outside to inside, like when you publish a server from DMZ to internet.

I see here you want to access a public server through a VIP. So my question is why you want to use a VIP? Normally you just access the external web server directly using its public IP, right?

AEK
AEK
265
0 Kudos
JFGauth
New Contributor
In response to AEK

Created on ‎01-15-2025 11:44 AM

I know...
But we have a requirement for that...
We currently have users that use "anothercompany.ourcompany.com" and this is redirected to "anotherwebsite.anothercompany.com" ... it was setup to facilitate things for our users...

We'll soon retire those F5... Need this to be done by the Fortigate if possible.
That's the reason :)

JF

223
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.