Hello, We have two questions:Is there a guide to make virtual IPs work
on SSL VPN interfaces?May hairpin NAT work using secondary IP
interfaces?We are trying to make hairpin NAT work on 3000F. Any help
will be much appreciated. We followed this KB on...
Hi @funkylicious, Following a case with the Fortinet support, we could
make the hairpin NAT work. We:removed the VS address as secondary IP on
the WAN interface (the problem came from that)Disabled web mode on the
SSL portalCreated a single policy fr...
Hello @funkylicious, Thanks for sharing these snippets. We are
wondering, in which FortiOS version did you make it work?The SSL VPN
traffic doesn't match the policies we defined. From what we get back, it
seems we are hitting a bug (see the Command f...
Thank you very much for giving us your time, @funkylicious; it's much
appreciated. Indeed, the interface is DATA, not DMZ. My bad. We disabled
NAT on policy 3, and it still doesn't match traffic. # get router info
routing-table details 10.120.0.123 R...
Hi again, @funkylicious; This follow from my previous response. We have
tried Point 1 to 4; and there is no hairpin NAT happening between SSLVPN
and DMZ. We have defined policy ID 3,# show firewall policy 3 config
firewall policy edit 3 set uuid c8bc...
