Hi All,

We just deployed the the Fortigate FW into our system connected directly to ISP on WAN1 interface and LAN2 interface connected to the cisco router (before this router was directly connected to WAN interface but now it is connected to FW's LAN interface with separate IP subnet other than internal LANs).

I have configured an static default route on router for internet access which is pointing to FW's LAN interface IP. So the internet access is working fine now on all LANs connected to router LAN interface.

We have got a static public IP (defined on WAN interface). Also we have 6 usable public IPs pool which we have mapped to VIPs which are on same subnet as of FW LAN interface and these VIPs further mapped with actual internal old private IPs on internal servers to route inbound traffic destined for specific ports on these internal/SFB servers.

After these configurations, our internal servers are still unable to to be reached from outside on those ports which we have defined/mapped on FW. Also when I try to ping from FW's CLI to any of the LAN IP behind the cisco router's LAN interface (which is connected directly to FW) the ping is unsuccessful. However, All internal LAN machines are able to ping to FW's LAN/WAN interface except the VIPs which we created on FW. It seems we are missing some configuration either on router or FW. Before FW, it was working fine with the router since there was one time NAT only but now it is double I guess.

Please note we do not want to remove router from the system since it has a lot of policies for internal LAN users/servers which we do not want to configure on FW over again. So we are looking a solution in which FW can perform its FW functions only and all internal routing should be done by router.

Sorry I am a new bee, so I am wondering if anyone can please guide how we can pass through incoming traffic for our servers from FW's WAN interface to Internal servers on specific ports.

Please guide.

Many Thanks