dagd
New Contributor

newbie Lan and DMZ setup on 200e Virtual Domain

Hello

I have a question about DMZ and LAN setup on a Virtual Domain (see attached). I followed the instructions from the cookbook "Protecting a web server with DMZ". The web server configuration is good, but I cannot browse the internet from the LAN. Any ideas?

Thanks

 

Toshi_Esumi
SuperUser

https://cookbook.fortinet.com/protect-a-web-server-with-dmz/index.html

The cookbook you referred to includes only the configuration to make WAN->DMZ and LAN->DMZ work. You need a policy for LAN->WAN with NAT.

dagd

Yes, that is correct:

port1 to Internet

port2 to DMZ

port3 to LAN

I created a policy under IPv4 Policy from one of the cookbooks; it works in another VDOM without a DMZ, but does not work in this setup.

Toshi_Esumi

So you're saying you have at least two vdoms: vdom1=internet port+lan port, vdom2=internet port(port1)+DMZ(port2)+lan(port3). Is it correct? This means you have two internet circuits. Basically vdoms are completely separate router/firewalls. If one port belongs to one vdom, it's not accessible from another vdom, unless you create vdom-links to bridge them together. Is this what you're trying instead?

dagd
New Contributor

The 3 ports in the info above are part of the same vdom.

Toshi_Esumi

Then I don't see any reason the policy from port3 to port1 with NAT enabled doesn't work in the same way it works in another vdom. Share with us what you configured.

dagd

interfaces

 

ShawnZA
Contributor II

So port 6 is your internal and port 5 is external, do you have a policy that allows traffic from port 6 to port 5 with NAT enabled?

 

dagd
New Contributor

Hi,

Sorry for the partial info! This system only allowed me to post one image. This is the whole config.

dagd
New Contributor

Problem solved. I deleted everything and then recreated the whole configuration, and now it works!
