A service for WAN on a server behind 2 fortigates with IPSec VPN between them
Hello der Fortinet Community,
I am new to Fortigates and I have the case depicted on the attached picture: A server in LAN 2 (Interface L2) behind the Fortigate 2 (FortiWiFi 60CX-ADSL-A, Firmware v5.2.15,build766 (GA)) which is beign addressed from WAN (Interface W) through the Fortigate 1 (FortiWiFi 60CX-ADSL-A, Firmware v5.2.15,build766 (GA)) and IPSec VPN (Interfaces V1, V2, which are the VPN interfaces). The server runs a number of services that should be accessible from WAN. Lets take FTP as one example.
I have the following relevant policies of the Fortigate 1.
F1.I. WAN - V1: Source: all; Destination: Server (Virtual IP); Schedule: always; Service: FTP; Action: accept; NAT: enable.
F1.II: V1 - WAN: Source: all; Destination: all; Schedule: always; Service: all; Action: accept; NAT: enable.
The Virtual IP object "Server" has the following configuration:
Type: static NAT,
Source Address Filter: disabled,
External IP Address/Range: 0.0.0.0 - 0.0.0.0
Internal IP Address/Range: xxx.yyy.zzz.nnn - xxx.yyy.zzz.nnn (the IP Address of the Server in LAN 2)
Port Forwarding: enabled,
External Service Port: 21 - 21
Internal Service Port: 21 - 21
Besides that, I have the following relevant policies on the Fortigate 2.
F2.I V2 - L2: Source: all; Destinastion: Server (Address); Schedule: always; Service: FTP, Action: accept; NAT: disable.
F2.II L2 - V2: Nothing... but should I have an accepting policy for Server -> all?
The Address object "Server" has the following configuration:
Subnet / IP Range: xxx.yyy.zzz.nnn (the IP Address of the Server in LAN 2),
Show in Address List: yes.
When I try to connect via FTP from WAN using the address of the WAN-Interface, I see the number of packets increasing on F1.I, but nowhere else and, obviously, I cant establish a connection. Could you please help me with what and how I should change to allow the required connectivity?