I'm hoping someone can help me with this one.

I have a Fortigate 300 with Internal, External and DMZ/HA ports.

I have 2 servers connected with each other in a Microsoft Cluster
Services (MSCS) cluster in the Internal subnet. There are also a number
of other non-clustered servers in the subnet.

There are web servers in the DMZ/HA subnet.

When the firewall is configured to allow this (for testing), External
traffic can connect successfully to the clustered servers in the
Internal subnet. Internal traffic can also connect to these 2 servers.

The problem is that DMZ/HA source traffic cannot connect to the
clustered server, even if all DMZ traffic is allowed to connect to
Internal. The web servers in DMZ can connect successfully to all other
servers in Internal, but still cannot connect to the MSCS cluster.

Machines in the DMZ cannot connect to (or even ping) the cluster virtual
IP addresses, or the nodes' individual IP addresses.

For temporary testing, the Fortigate is configured to not restrict any
access between Internal, DMZ and External.

When we had a Fortigate 100A, this was not a problem; everything worked

Does anyone know if there are problems with the Fortigate 300 not
allowing any connections between DMZ/HA and Internal when connecting to
Windows clustered servers? The Fortigate firmware is at: Fortigate-300