Hi everyone, I have a LAN user who wants to connect to a LAN server from
the public address that is in the same subnet as the FortiGate external
address. I have set up VIP and firewall policies but it does not seem to
work, debug flow shows it was DNATed ...
OK I figured out what happened, configs are correct in FortiGate, the
problem is the image I posted earlier is not exactly true, there is an
active route between SW1 and SW2, so when FortiGate DNATed the packet
received from the client and sent it to the...
For some reason I can access this server with the public IP from LAN2
(LAN2 hairpin to LAN2, not with LAN1) before, I checked debug flows the
difference is previously the last 2 logs are "Allowed by policy-N: SNAT"
and "SNAT: 192.168.8.100 -> 192.168...
Hi, debug flow shows "DNATed" to the internal server, and after several
policy matches (all act-accept), it shows "Allowed by policy N:" and then
the packet ends, N being the wan-to-lan2 policy, didn't receive any
traffic checking my server's access lo...