cannot access externally-hosted company website while Azure domain-joined
I'm fairly new to IT and networking, so please bear with me if I am unable to explain this issue correctly. I'm the IT Manager in a department of one for a startup with about 30 employees. We're opening two new offices (one in Texas and one in California), and we hired consultants to help us build a more robust and industry-compliant network. Based on recommendations from the Ars forums, I made the decision to use FortiGate 60Es between sites, and we are also using 48-port Fortinet managed switches and Fortinet access points. The IPsec tunnels between sites are working fine.
We also made the choice to start domain-joining our PCs by setting up Azure servers, with IPsec VPN tunnels between the FortiGates and the Azure setup. Everything seems to work well, except that we are unable to browse to our company website, which has the same name as the domain to which we are joined (plus Outlook hangs when sending mail using our HTML signatures that contain pictures hosted on our website). The FortiGate is set up for DNS to be resolved by the two Azure servers. Fortinet support tried adding 22.214.171.124 as the third DNS server, but this didn't help.
Our FortiGate consultant/reseller is very expensive and only seems to know basic/intermediate FortiGate setups; he hasn't been able to help us with this. Our Azure consultant is not familiar with FortiGate equipment. He thinks we need to add a DNAT rule, but everything I'm reading suggests that would only work for an internally hosted website, and ours is hosted by a third party. Frontline Fortinet support says that their equipment won't work for this.
Has anyone else run into an issue like this? Are we up a creek, or is there a solution? Thank you in advance for any assistance you can provide!
Read responses in arstechnica.com
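The symptom described in the post (a website name that is also the Active Directory domain name stops resolving once clients use the domain controllers for DNS) is the classic split-brain DNS situation: an AD-integrated zone that is authoritative for the same name never forwards queries for that name, so any record that exists only in the public zone (such as `www`) gets no answer internally. The script below is an added diagnostic and fix, not code from the original post or from Fortinet or Microsoft; it assumes hypothetical values (`contoso.com` for the domain and website name, `10.0.0.4` for one of the Azure-hosted DCs that the FortiGate forwards to, `1.1.1.1` as an outside resolver) that must be replaced with the real ones. It compares what the internal and public resolvers return for the web host, and, when they differ, copies the public A record into the internal zone using the DnsServer RSAT module. Run it from a domain-joined workstation with rights on the DC.

```powershell
# Added example (not from the original post). Assumed values below are placeholders.
$Zone        = 'contoso.com'   # assumption: the AD DNS zone has the same name as the public domain
$Hostname    = "www.$Zone"     # the name the browser (and Outlook signature images) actually ask for
$InternalDns = '10.0.0.4'      # assumption: an Azure-hosted DC that the FortiGate forwards DNS to
$PublicDns   = '1.1.1.1'       # any resolver that is NOT authoritative for the zone

function Get-ARecords {
    # Return the A-record addresses a given server answers for a name; empty array on NXDOMAIN.
    param([string]$Name, [string]$Server)
    try {
        @((Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' }).IPAddress)
    } catch {
        # No answer / NXDOMAIN: the usual result when the internal zone is
        # authoritative for $Zone but nobody ever created a 'www' record in it.
        @()
    }
}

$internal = Get-ARecords -Name $Hostname -Server $InternalDns
$public   = Get-ARecords -Name $Hostname -Server $PublicDns

"Internal ($InternalDns) answers: $($internal -join ', ')"
"Public   ($PublicDns) answers: $($public -join ', ')"

if ($public.Count -eq 0) {
    Write-Warning "Public resolver has no A record for $Hostname; nothing to copy. Check the public zone first."
}
elseif ($internal.Count -eq 0 -or (Compare-Object $internal $public)) {
    Write-Warning "Split-brain DNS: internal resolvers answer '$Hostname' differently from the public zone."

    # Fix: create the same A record(s) inside the AD zone so domain-joined clients
    # resolve the third-party web host exactly like the rest of the internet does.
    # Requires the DnsServer module (RSAT) and rights on the DC; AD replicates
    # the record to the other DC(s), so it only has to be added once.
    foreach ($ip in $public) {
        Add-DnsServerResourceRecordA -ComputerName $InternalDns -ZoneName $Zone -Name 'www' `
            -IPv4Address $ip -TimeToLive (New-TimeSpan -Hours 1)
    }

    # Re-check through the same internal server after the change.
    "After fix, internal answers: $((Get-ARecords -Name $Hostname -Server $InternalDns) -join ', ')"
}
else {
    "Internal and public answers match; DNS is not the cause of this symptom."
}
```

One caveat a practitioner should know before running the fix: this works for `www.contoso.com` (or any other host name under the zone), but not for the bare apex `contoso.com`. In an AD-integrated zone the apex A records are the domain controllers themselves, registered dynamically by the Netlogon service, and overwriting them breaks domain location. If the public site is only reachable at the apex, the usual approach is to serve it at `www` and have the hosting provider redirect the apex publicly, then point signature image URLs at the `www` name. A DNAT rule on the FortiGate, as suggested in the post, addresses a different problem (an internally hosted server) and does not change what the DCs answer for the name.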