Hi all,
I have a small 1100 appliance that is locally managed. There is a site-to-site VPN configured with a remote Fortinet device. Site-to-site connectivity works OK: the tunnel is brought up, packets are routed and services are accessible.
But on our side we have an Exchange server behind the CP device that is statically NATed with a non-CP IP address (there is an additional IP assigned only for NAT servers). This setup works OK, as mail flow is working.
The caveat is that behind this Fortinet there is an Exchange server published for a remote domain. When the VPN tunnel is down, mail from our server to this remote server flows OK; when the VPN tunnel is up (and this should always be up), the SMTP server on the remote side is not accessible on the remote locations from our LAN.
In the log I am getting Block notification:
Today 12:07:37 | | | daemon | | <server ip> | <remote ip> | SMTP | 0 | |
As there is a specification for rule 0, it looks like some implied rule is doing this.
What is the scenario to avoid this (as it looks like CP is trying to route packets to this server over VPN), so that not only SNMP but any service on the remote VPN gateway public IP is accessible?
Thanks,
DiNo