Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johnie
New Contributor

Created on ‎06-23-2023 09:26 PM

cannot route traffic to virtual ip in another vlan

I would like to ask some questions for my issue.  My firmware version is V7.4.0 Build 2360.

1) I have FortiGate 600F and i made port23 as truck port and configured 2 VLANs on that port. These are. 

  • VLAN 100 (192.168.100.251/24) interface name: vlan100
  • VLAN 51 (192.168.51.251/24) interface name: vlan51

And I make virtual Ip address VIP on VLAN 100 interface, 

  • name: DBVIP
  • interface: vlan100
  • external Ip address: 192.168.100.40
  • map to 192.168.100.55 (this is my database server)
  • port forwarding: 
  • external service port: TCP 1521
  • Map to Ip v4 port: TCP 1521

My question is that I want to access virtual Ip address 192.168.100.40:1521 from my client in VLAN 51 network.

My problem is that I cannot create firewall rule to access vlan50 to VIP address in vlan100.

How can I do that? 

For firewall policy,

incoming interface: vlan51

outgoing interface: vlan100

source: vlan51 network address

Dest: "VIP of DBVIP in vlan100 network"
service: TCP-1521

 

But i cannot found VIP of DBVIP destination option in firewall rules.

 

Labels:
185
0 Kudos
1 REPLY 1
johnie
New Contributor

Created on ‎06-25-2023 11:10 PM

Any idea for my issue?

 

144
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.