188 Fortinet Inc.
Virtual IPs Firewall configuration
Adding a schedule to a policy
After you have created schedules, you can add them to policies to schedule when the
policies are active. You can add the new schedules to policies when you create the
policy, or you can edit existing policies and add a new schedule to them.
1Go to Firewall > Policy.
2Select the tab corresponding to the type of policy to add.
3Select New to add a policy or select Edit to edit a policy to change its schedule.
4Configure the policy as required.
5Add a schedule by selecting it from the Schedule list.
6Select OK to save the policy.
7Arrange the policy in the policy list to have the effect that you expect.
For example, to use a one-time schedule to deny access to a policy, add a policy that
matches the policy to be denied in every way. Choose the one-time schedule that you
added and set Action to DENY. Then place the policy containing the one-time
schedule in the policy list above the policy to be denied.
Virtual IPsUse virtual IPs to access IP addresses on a destination network that are hidden from
the source network by NAT security policies. To allow connections between these
networks, you must create a mapping between an address on the source network and
the real address on the destination network. This mapping is called a virtual IP.
For example, if the computer hosting your web server is located on the network
connected to port3, it could have a private IP address such as 10.10.10.3. If port2
connects to the Internet, to get packets from the Internet to the web server, you must
have an external address for the web server on the Internet. You must then add a
virtual IP to the firewall that maps the external IP address of the web server to the
actual address of the web server on the port3 network. To allow connections from the
Internet to the web server, you must then add a port2->port3 firewall policy and set
Destination to the virtual IP.
You can create two types of virtual IPs:
Static NAT Used in to translate an address on a source network to a hidden address on
a destination network. Static NAT translates the source address of return
packets to the address on the source network.
Port Forwarding Used to translate an address and a port number on a source network to a
hidden address and, optionally, a different port number on a destination
network. Using port forwarding you can also route packets with a specific
port number and a destination address that matches the IP address of the
interface that receives the packets. This technique is called port forwarding
or port address translation (PAT). You can also use port forwarding to change
the destination port of the forwarded packets.