Services on remote VPN server public IP inaccessible (blocked by VPN daemon)

DinoN — Sat, 30 Mar 2019 11:13:56 GMT

Hi all,

I have a small 1100 appliance that is locally managed. There is site-to-site VPN configured with remote Fortinet device. Site to site connectivity works OK, tunnel is brought up, packets are routed and services are accessible.

But, on our side we have exchange server behind CP device that is statically NATed with non CP IP address (there is additional IP assigned only for NAT servers). This setup works ok as mail flow is working.

Caveat is that behind this Fortinet there is exchange server published for remote domain. When VPN tunnel is down mail from our server to this remote server flows OK, when VPN tunnel is up (and this should be always up) then SMTP server on remote side is not accessible on the remote locations from our LAN.

In the log I am getting Block notification:

Today 12:07:37

VPN

daemon

Block

SMTP

As there is specification for rule 0 it looks like some implied rule is doing this.

What is the scenario to avoid this (as it looks like CP is trying to route packets to this server over VPN) so that not only SNMP but any service on remote VPN gateway public IP are accessible?

Thanks,

DiNo

Re: Services on remote VPN server public IP inaccessible (blocked by VPN daemon)

G_W_Albrecht — Wed, 03 Apr 2019 08:08:55 GMT

VPN defined on SMB usually send every paket sent to the Encryption domain (all networks behind peer GW) thru the VPN tunnel. An additional routable IP address will get paket by the internet, not VPN.

topic Re: Services on remote VPN server public IP inaccessible (blocked by VPN daemon) in Spark Firewall (SMB)

Services on remote VPN server public IP inaccessible (blocked by VPN daemon)

Re: Services on remote VPN server public IP inaccessible (blocked by VPN daemon)