Fortigate - Accessing a Virtual Server address from several interfaces

Posted by Jeremy G on Server Fault
Published on 2012-06-23T05:09:43Z Indexed on 2012/06/23 9:19 UTC

I am setting up a new application in its own DMZ on our Fortigate 300C firewalls. I have defined a load-balancing configuration for part of the application, and this works fine for traffic coming in from our internal network.

However, I would also like this application to be reachable from other DMZs, for inter-application traffic, and from the SSL VPN interface. I can't seem to define the required policy, and it seems this is due to Virtual Servers being bound to the client interface on the Fortigate rather than the server interface (and so my virtual IP is not accessible from any of these other interfaces).

Does anyone have an idea how I might go about this? I guess I could create other virtual IPs for each interface, but this gets complicated to handle as clients need to change the address they use depending on how they are connecting.

Thanks, Jeremy G

© Server Fault or respective owner
