Hello
I have a question about a DMZ and LAN setup on a Virtual Domain (see attached). I followed the instructions from the cookbook "Protecting a web server with DMZ". Web server configuration is good; I cannot browse the internet from the LAN. Any ideas?
Thanks
https://cookbook.fortinet.com/protect-a-web-server-with-dmz/index.html
The cookbook you referred to includes only the configuration to make WAN->DMZ and LAN->DMZ work. You need a policy for LAN->WAN with NAT.
Yes, that is correct:
port1 to Internet
port2 to DMZ
port3 to LAN
I created a policy under IPv4 Policy from one of the cookbooks; it works in another VDOM without a DMZ, but does not work in this setup.
So you're saying you have at least two vdoms: vdom1=internet port+lan port, vdom2=internet port(port1)+DMZ(port2)+lan(port3). Is it correct? This means you have two internet circuits. Basically vdoms are completely separate router/firewalls. If one port belongs to one vdom, it's not accessible from another vdom, unless you create vdom-links to bridge them together. Is this what you're trying instead?
The 3 ports in the info above are part of the same VDOM.
Then I don't see any reason the policy from port3 to port1 with NAT enabled doesn't work in the same way it works at another vdom. Share with us what you configured.
So port 6 is your internal and port 5 is external, do you have a policy that allows traffic from port 6 to port 5 with NAT enabled?
Hi,
Sorry for the partial info! This system only allowed me to post one image. This is the whole config.
Problem solved: I deleted everything and then recreated the whole configuration, and now it works!
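The LAN->WAN policy with NAT that the replies above describe, written out in FortiOS CLI as an added example (it is not a configuration posted by anyone in this thread). It assumes the port roles given earlier (port3 = LAN, port1 = Internet); the VDOM name, policy name and LAN host address are placeholders.

```fortios
# Enter the VDOM that owns port1, port2 and port3 (name is a placeholder)
config vdom
    edit <vdom-name>

# Outbound policy: LAN (port3) -> Internet (port1), source NAT to port1's address
config firewall policy
    edit 0
        set name "LAN-to-Internet"
        set srcintf "port3"
        set dstintf "port1"
        # "all"/"ALL" mirror a basic outbound policy; narrow srcaddr to the LAN
        # subnet object and service to what is required
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end

# Confirm the policy exists in this VDOM and NAT is enabled on it
show firewall policy

# Confirm this VDOM has its own default route out of port1
get router info routing-table all

# Trace one LAN host's traffic to see which policy matches or why it is dropped
diagnose debug reset
diagnose debug flow filter addr <lan-host-ip>
diagnose debug flow show function-name enable
diagnose debug flow trace start 10
diagnose debug enable
# ... generate traffic from the LAN host, then stop the trace:
diagnose debug disable
diagnose debug reset
```

Each VDOM keeps its own policy table and routing table, so a working policy in one VDOM says nothing about another; the flow trace shows whether packets from port3 hit this policy or fall through to the implicit deny.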
Copyright 2024 Fortinet, Inc. All Rights Reserved.