Technical Note: How to access a NATed server internally with its Public IP address: Loopback policy

FortiGate v5.0
FortiGate v5.2
This article explains how to access a NATed server from the internal network using its Public IP/Virtual IP.

Step 1: Configure VIP

Log in to the GUI and go to Policy & Objects > Objects > Virtual IPs > Create new, set the following parameters:

Name: Give any friendly name, for example: Virtual IP.
Interface: “Any”
External IP: “Public IP/Virtual IP of the Server”, for example: (WAN1)
Mapped IP: “Private IP/Internal IP of the Server”, for example:
Port Forwarding needs to be checked if the port is to be specified.

Step 2: Configure Policy

Incoming Interface : Wan1
Source Address : All
Outgoing Interface : Internal
Destination Address: Virtual IP
Service: HTTP (Specify the service to be used to access the server).

Select Ok

If NAT is selected, the source address is changed to the internal interface address. Normally, you would not want to perform source NAT since this has the effect of hiding the actual source address of the sessions.

Step 3: Configure Policy Route

Router > Static > Policy route > Create new >

Incoming Interface: Internal (select the local LAN interface)
Source Address: Specify the Local LAN Network
Destination Address: Specify the “LOCAL IP” configured in the VIP
Outgoing Interface: Internal (select the VIP server’s local interface)
No Gateway is Required

Move the newly created policy route to the top of the existing policy routes.


Clear the local DNS cache in macOS Sierra, OSX, Linux and Windows

When URLs are just not resolving the way you want, it is time to clear or flush the local DNS nameserver cache.

How to clear the local DNS cache

macOS Sierra 10.12.0

sudo killall -HUP mDNSResponder

OSX 10.11.0

sudo killall -HUP mDNSResponder

OSX 10.10.4

sudo killall -HUP mDNSResponder

OSX 10.10.0 – 10.10.3

sudo discoveryutil mdnsflushcache

OSX 10.9  – 10.8 – 10.7

sudo killall -HUP mDNSResponder

OSX 10.5 – 10.6

sudo dscacheutil -flushcache


Windows

ipconfig /flushdns

Linux (depending on what you’re running)

/etc/init.d/named restart
/etc/init.d/nscd restart