Hi,
We have a FortiGate firewall where we have done one-to-one NAT of a local IP with a public IP. We have a requirement of pinging a virtual IP (public IP) from the internal network. After configuring one policy it worked fine.
Later we configured an access list to allow only one network to ping this VLAN and applied the ACL in the inbound direction of the VLAN. It worked fine, but the public IP (virtual IP of the FortiGate) stopped pinging.
My requirement is to ping both the virtual IP and the private IP from the 10.10.200.0 network. If I remove the access list, the virtual IP pings fine.
Below is my access list,
ip access-list extended DMZ
10 permit ip 10.10.200.0 0.0.0.255 any
20 permit ip 10.10.0.0 0.0.255.255 10.10.200.0 0.0.0.255
30 deny ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
40 permit ip any any
Could anyone suggest what is wrong here?
Thanks,
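To see which line of this ACL a given flow actually hits, the following added example (not part of the original post) parses the access list exactly as written above and evaluates sample flows against it with Cisco-style first-match, top-down semantics and wildcard masks, including the implicit deny at the end. The addresses 10.10.200.5, 10.10.50.5, 10.10.60.5 and the virtual IP 203.0.113.10 are constructed placeholders; the model only answers "which ACE matches", it does not model which interface or direction a packet traverses.

```python
import ipaddress

# The access list from the post, transcribed verbatim (constructed input for this example).
ACL_TEXT = """
ip access-list extended DMZ
10 permit ip 10.10.200.0 0.0.0.255 any
20 permit ip 10.10.0.0 0.0.255.255 10.10.200.0 0.0.0.255
30 deny ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255
40 permit ip any any
"""


def _parse_addr(tokens, i):
    """Parse one address spec ('any', 'host A', or 'A WILDCARD') starting at tokens[i]."""
    if tokens[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tokens[i] == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    return (tokens[i], tokens[i + 1]), i + 2


def parse_acl(text):
    """Return a list of (seq, action, proto, (src, src_wc), (dst, dst_wc)) in listed order."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t or (t[0] == "ip" and t[1] == "access-list"):
            continue  # skip the 'ip access-list extended NAME' header
        seq, action, proto = int(t[0]), t[1], t[2]
        src, i = _parse_addr(t, 3)
        dst, _ = _parse_addr(t, i)
        entries.append((seq, action, proto, src, dst))
    return entries


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl, src, dst, proto="icmp"):
    """First matching ACE wins; no match falls through to the implicit deny (seq None)."""
    for seq, action, ace_proto, (sb, sw), (db, dw) in acl:
        if ace_proto not in ("ip", proto):
            continue
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return seq, action
    return None, "deny"


def trace_ping(acl, src, dst):
    """Show which ACE the echo request and the echo reply would each hit."""
    return {"request": evaluate(acl, src, dst), "reply": evaluate(acl, dst, src)}


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    vip = "203.0.113.10"  # placeholder for the FortiGate virtual IP
    for src, dst in [("10.10.200.5", vip), ("10.10.200.5", "10.10.50.5"), ("10.10.50.5", "10.10.60.5")]:
        print(f"{src} -> {dst}: {trace_ping(acl, src, dst)}")
```

Running it prints the matching sequence number for each direction of each flow, which is the same check you would otherwise do by hand when an ACL behaves unexpectedly; a flow that reports `(None, 'deny')` is being dropped by the implicit deny rather than by any line you wrote.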