Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JerfBot
New Contributor

VIP dead ends with no reason why

Hello, 

 

I am working on deploying a VIP on a FWF60D device, and I am having trouble. I've setup the vip as I believe it should be, its should be forwarding all traffic to the device on mapped IP 10.10.10.21 from the public IP 64.121.5.85. The wan 1 address is 64.121.5.82. I have seen this work in the past, but it's just not working right now. I have put my config details below, Hopefully someone can point out what I am doing wrong. 

 

Thank you

 

My details: 

 

config firewall vip
    edit "DVRincomingVIP"
        set extip 64.121.5.85
        set extintf "wan1"
        set mappedip "10.10.10.21"
    next
end

config firewall policy
    edit 77
        set srcintf "wan_zone"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "DVRincomingVIP"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

config system interface
    edit "wan1"
        set vdom "root"
        set ip 64.121.5.82 255.255.255.248
        set allowaccess ping ssh
        set vlanforward enable
        set type physical
        set snmp-index 3
    next
end

config router static
    edit 4
        set gateway 64.121.5.81
        set device "wan1"
    next
end

 

1 REPLY 1
lobstercreed
Valued Contributor

Off the top of my head I would agree that it looks right (though we are missing your DMZ interface config), but I'm also thinking maybe the extintf property is wrong on the VIP object. 

I have always used "any" for the interface for my VIP objects...maybe try that?

Labels
Top Kudoed Authors