

Fortigate firewall policy route problem

By ben_che ·
I have a Fortigate firewall configured with a Virtual IP and one Internet link (WAN1); this configuration works fine. But today I added one more Internet link and would like to set up a policy route to let the VIP use the new Internet link to access the Internet. The old Internet link is dedicated to publishing my servers. The setting of the policy route is: Source IP:, Dest. IP:, force traffic to (WAN2)

Although the policy route works fine and my published servers can be accessed from the Internet properly, my internal users cannot access my published servers with their Internet IP.
For example: The Virtual IP has external IP (WAN1), it is mapping the internal IP Users in Internet can access the published service through, but my internal users cannot access the same service through, they can only access the service through

Because of some reasons, we cannot have our own DNS server. So my internal users must point to external DNS server and access my published servers through URL rather than IP address.

I am sure that all the firewall policies and the routing table are correct, because when I remove the policy route, my internal users can access the servers through URL, but I must have the policy route since I need to assign a dedicated link for the users to use the new Internet link (WAN2) for web browsing.

Would you please help to provide a suggestion? Thank you!!!!!
