G3n0c1de
New Contributor

[SOLVED] No Traffic to VIPs routing to Exchange server

My office recently had to switch to a wireless modem with a single public IP address. I never configured the old modem, so I'm fairly inexperienced with Fortinet's systems.

The router we're using is a FortiWiFi 50B, running FortiOS 3.0. The firmware version is FortiWiFi-50B 3.00-b0668(MR6 Patch 2). Yes, it's old.

The router connects our private office network to the internet. On our network is an Exchange server to handle our email. The email is handled by several VIP rules which route the traffic to different ports on the Exchange server.

For whatever reason, outbound email works, but I'm monitoring the VIPs and no traffic is hitting them.

I'm pretty sure it's an IP issue within the VIP configuration. Currently for the external IP I have it set to the public IP address given by the modem. I have also tried the internal IP address of the modem from which the router gets its connection.

I only have one IP to give to the VIPs, and in the past I think there was a separate static IP that handled the emails. Is using only one IP for both the network and the VIPs causing a conflict?

EDIT: I got it to work.  It turns out that it was a port forwarding issue.  Our modem didn't allow traffic through the ports the VIPs needed by default.  I also had to change the IPs that the VIPs were looking for to be the IP of the modem.

gschmitt
Valued Contributor

Uhm quick question... did you change the MX/A/PTR Records for your mailserver?

Ali_FCNSP
New Contributor

Is the public IP on the FortiGate itself or on the ISP router?

G3n0c1de
New Contributor

@gschmitt: I changed those records to point to our new public IP address.

@Aliakber_kuwait: The public IP is coming from the modem, I believe. The Fortinet router is connected to the modem on WAN1 in DHCP mode. So perhaps I need to set the VIPs to handle traffic from the modem IP?

gschmitt
Valued Contributor

G3n0c1de wrote:

@Aliakber_kuwait: The public IP is coming from the modem, I believe. The Fortinet router is connected to the modem on WAN1 in DHCP mode. So perhaps I need to set the VIPs to handle traffic from the modem IP?

You marked your question as solved, but from the replies it doesn't look like it is.

It depends on your modem: if you can set the modem to "passthrough" or "DMZ" mode (without NAT), you don't need to change your VIP object.

G3n0c1de
New Contributor

I edited the main post with how I solved it.

And I wanted to get IP passthrough working, but for whatever reason it couldn't work.

Ali_FCNSP

What I usually do is this: if you have the public IP on your modem/router, set the default DMZ server address to your firewall's WAN interface, so that all traffic for that public IP will reach the Fortinet firewall. Then you can create the VIP and policy with the FortiGate WAN IP (not the public IP).

Find attached snaps

Ali_FCNSP

policy

Ali_FCNSP

VIP

Ali_FCNSP

dmz setting on router
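
The DMZ-host setup described in the last few posts, sketched as FortiOS CLI. This is an added example, not taken from the thread or its missing screenshots; every address, the VIP name, the policy ID and the "internal" interface name are assumptions.

```text
# Constructed addresses (not from the thread):
#   modem public IP            203.0.113.10
#   modem DMZ host target      192.168.1.2
#   FortiGate wan1 (via DHCP)  192.168.1.2
#   Exchange server            10.0.0.10
# Lines starting with # are annotations; leave them out when pasting.

# Behind a NAT modem this never matches, because packets reach wan1
# with the destination already rewritten to 192.168.1.2:
#   set extip 203.0.113.10

config firewall vip
    edit "exchange-smtp"
        set extintf "wan1"
        set extip 192.168.1.2
        set portforward enable
        set protocol tcp
        set extport 25
        set mappedip 10.0.0.10
        set mappedport 25
    next
end

# The modem's DMZ host hands every inbound port to wan1, so this
# policy is what limits exposure: allow only the mapped service.
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "exchange-smtp"
        set schedule "always"
        set service "SMTP"
        set action accept
    next
end
```

Because wan1 gets its address by DHCP, reserve that lease on the modem so the VIP's external IP stays valid.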
