190 Fortinet Inc.
Virtual IPs Firewall configuration
8Select OK to save the virtual IP.
You can now add the virtual IP to firewall policies.
Adding port forwarding virtual IPs1Go to Firewall > Virtual IP.
2Select New to add a virtual IP.
3Enter a Name for the virtual IP.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.
4Select the virtual IP External Interface. The External Interface is the interface
connected to the source network that receives the packets to be forwarded to the
destination network.
You can select a firewall interface or a VLAN subinterface.
5Change Type to Port Forwarding.
6In the External IP Address field, enter the external IP address to be mapped to an
address on the destination zone.
You can set the External IP Address to the IP address of external interface selected in
step 4 or to any other address.
For example, if the virtual IP provides access from the Internet to a server on your
internal network, the External IP Address must be a static IP address obtained from
your ISP for this server. This address must be a unique address that is not used by
another host. However, this address must be routed to the External Interface selected
in step 4.
7Enter the External Service Port number for which to configure port forwarding.
The external service port number must match the destination port of the packets to be
forwarded. For example, if the virtual IP provides access from the Internet to a Web
server, the external service port number would be 80 (the HTTP port).
8In Map to IP, enter the real IP address on the destination network.
For example, the real IP address could be the IP address of a web server on an
internal network.
9Set Map to Port to the port number to be added to packets when they are forwarded.
If you do not want to translate the port, enter the same number as the External Service
Port.
If you want to translate the port, enter the port number to which to translate the
destination port of the packets when they are forwarded by the firewall.
10 Select the protocol to be used by the forwarded packets.
11 Select OK to save the port forwarding virtual IP.
Note: The firewall translates the source address of outbound packets from the host with the
Map to IP address to the virtual IP External IP Address, instead of the firewall external address.