msczepanski
New Contributor

Strange Behaviour with VIP/Policy Routing/NAT etc.

Hi,

 

Greetings Folks :)

 

On our FortiGate 200E I noticed this strange behaviour:

 

So we have our LAN with our PBX. PBX IP is 172.17.150.2/24, FG IP 172.17.150.1/24.

We have another "LAN" to access an ISP router (192.168.6.1), which we use to reach our SBC (192.168.18.7) (let's call it ISP Access).

And we have a WAN.

(See graphic attached)

Our SBC accepts only connections from IP 192.168.6.3 and sends connections to this IP accordingly.

SBC IP address is 192.168.8.17

 

Static Routes:

to 192.168.18.7 over 192.168.6.1 IF ISP Access

to 0.0.0.0/0 over Dynamic Gateway IF WAN

 

Policy Routes:

FROM IF LAN to 192.168.0.0 -> STOP Policy Routing

FROM IF LAN to * -> Outgoing Interface WAN

 

(yeah, don't wonder why this is; we have a few more things here ;-))

 

"VIP TCP" and "VIP UDP" are configured like this: external IP range 192.168.6.3, mapped IP range 172.17.150.2, ports 1-65535, mapped ports 1-65535, interface all (maybe that's the problem???)

 

"IP POOL SIP OUT" is configured as one-to-one (I tried overload too; it doesn't mean anything with one IP, I guess), external IP 192.168.6.3

 

1. Policy for incoming connections from SBC:

FROM "ISP Access" TO "PBX LAN", Source 192.168.18.7, to "VIP TCP"/"VIP UDP", NAT Disabled

2. Policy for outgoing connections to ISP:

FROM "PBX LAN" TO "ISP Access", Source all, Destination 192.168.18.7, Service all, NAT "IP POOL SIP OUT"

3. Policy for outgoing connections to the evil Internet:

FROM "PBX LAN" TO "WAN", Source all, Destination all, Service all, NAT enabled (use outgoing interface address)

 

Now here's the strange part:

If I look at the matching logs from the 3rd policy, our outgoing connections from PBX to WAN have NAT IP 192.168.6.3 instead of the WAN IP. So no connection can be established.

But it should use the WAN IP?!

 

Can anyone help?

 

I'll try the VIP with the interface set correctly instead of all; maybe this helps, but -.-
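As an added illustration (not the poster's configuration, and not a confirmed fix), here is the VIP in FortiOS CLI form as the post describes it, beside the change the poster plans to try: binding the VIP to the ISP-facing interface instead of "any". The interface name "ISP_Access" is assumed; the diagnose commands at the end show which source address a PBX session actually receives.

```fortios
# Weak setting as described in the post: the VIP is bound to "any",
# so it is considered on every interface, including WAN.
config firewall vip
    edit "VIP TCP"
        set extip 192.168.6.3
        set extintf "any"
        set portforward enable
        set protocol tcp
        set extport 1-65535
        set mappedip "172.17.150.2"
        set mappedport 1-65535
    next
end

# Change the poster intends to try: bind the VIP only to the interface
# towards the ISP router. "ISP_Access" is an assumed interface name;
# substitute the real one (apply the same change to "VIP UDP").
config firewall vip
    edit "VIP TCP"
        set extintf "ISP_Access"
    next
end

# Check afterwards: list live sessions from the PBX and compare the
# NAT (translated) source address on sessions leaving via WAN with
# the one on sessions leaving via the ISP interface.
diagnose sys session filter clear
diagnose sys session filter src 172.17.150.2
diagnose sys session list
```

Policy 3 should then show the WAN interface address as the translated source, while policy 2 keeps 192.168.6.3 from "IP POOL SIP OUT"; if the WAN sessions still show 192.168.6.3, the VIP interface binding was not the cause.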

 
