NAT – Port forwarding on Fortigate 50B

nat; port-forwarding; router

I have serious problems setting up port forwarding on a Fortigate 50B. The unit is basically running as factory default, the wan1 interface is connected to my fibre optic internet modem, and my LAN is connected to the internal switch of the Fortigate. The factory default firewall policy allowing traffic from the internal interface to wan1 is kept and I'm able to access the internet as normal.

Then I added a virtual IP and a firewall policy for allowing access from the internet to my local server's (IP 192.168.9.51) webserver (standard port 80). The settings I made are as follows.

Edit Virtual IP Mapping

Name : Server VIP
External interface : wan1
Type : Static NAT
External IP Address/Range : 0.0.0.0
Mapped IP Address/Range : 192.168.9.51
Port Forwarding : not checked

Firewall policy

Source interface/Zone : wan1
Source address : all
Destination interface/Zone : internal
Destination address : Server VIP
Schedule : always
Service : HTTP
Action : ACCEPT
no other settings checked

What happens now is that I'm unable to access internet from my server, I'm not getting through to the webserver from internet either. I'm able to ping a site on the outside, but all web traffic is blocked, both ways.

I've checked the documentation, but as far as I can tell I have set this up correctly. Anyone here with knowledge of Fortigate port forwarding/NAT?

Best Answer

Well .. I found the solution:

Edit Virtual IP Mapping

Name : Server VIP
External interface : wan1
Type : Static NAT
External IP Address/Range : xxx.xxx.xxx.xxx  <- insert external IP here
Mapped IP Address/Range : 192.168.9.51
Port Forwarding : not checked

It turns out you have to input the external IP of the wan1 interface and not use 0.0.0.0 as the documentation states should be valid for any IP. That is crappy since all port forwardings will stop working if my WAN interface changes IP address after a power loss, for instance. But at least it works now.
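
The two conditions discussed in this thread (a static NAT VIP left on external IP 0.0.0.0 without port forwarding, and a VIP pinned to an address that wan1 may no longer hold after a change) can be checked from a configuration backup. The Python below is an added example, not part of the original answer and not Fortinet tooling; it assumes the `config firewall vip` / `edit` / `set` / `next` / `end` layout of a FortiOS CLI export, and the sample config, function names and finding labels are constructed for illustration.

```python
import shlex

SAMPLE_CONFIG = '''
config firewall vip
    edit "Server VIP"
        set extip 0.0.0.0
        set extintf "wan1"
        set mappedip 192.168.9.51
    next
    edit "Pinned VIP"
        set extip 203.0.113.10
        set mappedip 192.168.9.51
    next
    edit "Web 80 only"
        set extip 203.0.113.25
        set portforward enable
        set extport 80
        set mappedip 192.168.9.51
        set mappedport 80
    next
end
'''  # constructed sample, not taken from the thread

def parse_vips(text):
    """Return {vip_name: {setting: value}} for the 'config firewall vip' section."""
    vips, current, in_section = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted names such as "Server VIP"
        if tok[:3] == ["config", "firewall", "vip"]:
            in_section = True
        elif not tok or not in_section:
            continue
        elif tok[0] == "edit" and len(tok) > 1:
            current = vips.setdefault(tok[1], {})
        elif tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "next":
            current = None
        elif tok[0] == "end":
            in_section = False
    return vips

def audit_vips(text, wan_ip):
    """Flag the thread's two conditions; wan_ip is the current wan1 address."""
    findings = []
    for name, s in parse_vips(text).items():
        extip = s.get("extip", "0.0.0.0")  # assumption: unset means 0.0.0.0
        forwarding = s.get("portforward", "disable") == "enable"  # assumption: unset means disabled
        if extip == "0.0.0.0" and not forwarding:
            findings.append((name, "wildcard-static-nat"))  # the question's setup
        elif extip not in ("0.0.0.0", wan_ip):
            findings.append((name, "extip-differs-from-wan-ip"))  # the answer's concern
    return findings
```

Run `audit_vips` against a backup with the address wan1 currently holds; nested `config` blocks inside a VIP entry are not handled by this parser.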
