Monday, August 3, 2020

Fortigate using virtual IPs to configure port forwarding

Hi,

I would like to use Virtual IPs (VIPs) to configure port forwarding on a FortiGate. I tried this with two different services, unsuccessfully. What am I doing wrong?

Itest - VLAN20

Dnal - VLAN120

Zone "LAN" with VLAN20 and VLAN120 - Setting "Block intra-zone traffic" on

It worked a week ago, but I have made a lot of changes to my network: I did a factory reset on my FW, connected a switch, created the VLANs and created the zone. Before that, everything worked on just the internal interface.

The debug trace showed this error:

2020-08-03 12:29:45 id=20085 trace_id=2022 func=init_ip_session_common line=4632 msg="allocate a new session-0001ccae"

2020-08-03 12:29:45 id=20085 trace_id=2022 func=fw_local_in_handler line=395 msg="iprope_in_check() check failed on policy 0, drop"

Thank you for any help.

config firewall vip
    edit "Itest"
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.20.120"
        set extport 8443
        set mappedport 8443
    next
    edit "Dnal"
        set extintf "wan1"
        set portforward enable
        set mappedip "192.168.120.190"
        set extport 500
        set mappedport 500
    next
end

# The "config firewall policy" header and the closing "end" below are not in the
# pasted snippet; they are restored here so the two policy entries are readable.
config firewall policy
    edit 11
        set srcintf "wan1"
        set dstintf "LAN"
        set srcaddr "all"
        set dstaddr "Itest"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 12
        set srcintf "wan1"
        set dstintf "LAN"
        set srcaddr "all"
        set dstaddr "Dnal"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end


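A small triage script for "diagnose debug flow" output, added here as an example and not part of the original post. It groups the trace lines by trace_id and, for each trace, records whether a DNAT line was logged, which handler (fw_local_in_handler or fw_forward_handler) made the decision and which policy ID it cited. A trace that reaches the local-in handler with no DNAT line means the FortiGate treated the packet as addressed to itself rather than translating it through a VIP, and policy 0 is the implicit deny; that is the pattern in the two lines quoted above. The sample input is constructed: it reuses the two lines from the post (trace 2022) and adds a hypothetical successful trace (2023) with a DNAT line and an "Allowed by Policy-11" line, using example addresses. The field layout follows the FortiOS debug flow format but the exact wording of other messages may differ between FortiOS versions.

```python
import re
from collections import defaultdict

# One "diagnose debug flow" line: timestamp, id, trace_id, func, line, quoted msg.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) id=(?P<id>\d+) '
    r'trace_id=(?P<trace>\d+) func=(?P<func>\S+) line=(?P<line>\d+) msg="(?P<msg>.*)"$'
)
# Packet header as printed by print_pkt_detail: (proto=6, src:port->dst:port) from intf.
PKT_RE = re.compile(r'\(proto=(?P<proto>\d+), (?P<src>\S+?)->(?P<dst>\S+?)\) from (?P<intf>\w+)\.')
# Policy IDs appear as "policy 0" (local-in check) or "Policy-11" (forward handler).
POLICY_RE = re.compile(r'policy[- ](\d+)', re.IGNORECASE)

# Constructed sample: trace 2022 is the drop from the post; trace 2023 is a
# hypothetical working VIP hit on the same external port (example addresses).
SAMPLE = """
2020-08-03 12:29:45 id=20085 trace_id=2022 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=6, 198.51.100.7:51234->203.0.113.5:8443) from wan1. flag [S], seq 1, ack 0, win 64240"
2020-08-03 12:29:45 id=20085 trace_id=2022 func=init_ip_session_common line=4632 msg="allocate a new session-0001ccae"
2020-08-03 12:29:45 id=20085 trace_id=2022 func=fw_local_in_handler line=395 msg="iprope_in_check() check failed on policy 0, drop"
2020-08-03 12:30:01 id=20085 trace_id=2023 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=6, 198.51.100.7:51240->203.0.113.5:8443) from wan1. flag [S], seq 1, ack 0, win 64240"
2020-08-03 12:30:01 id=20085 trace_id=2023 func=init_ip_session_common line=4632 msg="allocate a new session-0001ccb2"
2020-08-03 12:30:01 id=20085 trace_id=2023 func=__ip_session_run_tuple line=3198 msg="DNAT 203.0.113.5:8443->192.168.20.120:8443"
2020-08-03 12:30:01 id=20085 trace_id=2023 func=fw_forward_handler line=767 msg="Allowed by Policy-11:"
"""


def parse_flow(text):
    """Group debug-flow lines by trace_id, keeping their original order."""
    traces = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # lines that are not debug-flow records (prompts, banners) are skipped
            traces[int(m['trace'])].append(m.groupdict())
    return dict(traces)


def explain(s):
    """Turn the collected facts about one trace into a one-line hint."""
    if s['handler'] == 'local-in' and s['dnat'] is None:
        return ('no VIP matched: no DNAT line was logged and the packet was handled '
                'as traffic to the FortiGate itself, hitting the implicit local-in '
                'deny (policy %s)' % s['policy'])
    if s['dnat'] and s['dropped']:
        return 'VIP matched (%s) but forward policy %s denied it' % (s['dnat'], s['policy'])
    if s['dnat']:
        return 'VIP matched (%s), allowed by policy %s' % (s['dnat'], s['policy'])
    return 'no VIP involvement observed'


def classify(trace_id, events):
    """Summarise one trace: packet tuple, DNAT result, deciding handler and policy."""
    s = {'trace_id': trace_id, 'src': None, 'dst': None, 'ingress': None,
         'dnat': None, 'handler': None, 'policy': None, 'dropped': False}
    for e in events:
        msg = e['msg']
        if e['func'] == 'print_pkt_detail':
            pm = PKT_RE.search(msg)
            if pm:
                s.update(src=pm['src'], dst=pm['dst'], ingress=pm['intf'])
        elif msg.startswith('DNAT '):
            s['dnat'] = msg[len('DNAT '):]  # "ext:port->mapped:port"
        elif e['func'] in ('fw_local_in_handler', 'fw_forward_handler'):
            s['handler'] = 'local-in' if e['func'] == 'fw_local_in_handler' else 'forward'
            pol = POLICY_RE.search(msg)
            if pol:
                s['policy'] = int(pol.group(1))
            if 'drop' in msg.lower() or 'denied' in msg.lower():
                s['dropped'] = True
    s['hint'] = explain(s)
    return s


def vip_report(text):
    """Classify every trace in a debug-flow dump, ordered by trace_id."""
    return [classify(tid, ev) for tid, ev in sorted(parse_flow(text).items())]


if __name__ == '__main__':
    for s in vip_report(SAMPLE):
        print("trace %s: %s -> %s via %s: %s"
              % (s['trace_id'], s['src'], s['dst'], s['ingress'], s['hint']))
```

Feed it the output of "diagnose debug flow trace start" (with a port or address filter set first) captured from the console; anything that is not a flow record is ignored, so the raw session log can be pasted in unchanged.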