Virtual IPs

Firewall configuration

 

 

Note: The firewall translates the source address of outbound packets from the host with the

Map to IP address to the virtual IP External IP Address, instead of the firewall external address.

8Select OK to save the virtual IP.

You can now add the virtual IP to firewall policies.

Adding port forwarding virtual IPs

1Go to Firewall > Virtual IP.

2Select New to add a virtual IP.

3Enter a Name for the virtual IP.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

4Select the virtual IP External Interface. The External Interface is the interface connected to the source network that receives the packets to be forwarded to the destination network.

You can select a firewall interface or a VLAN subinterface.

5Change Type to Port Forwarding.

6In the External IP Address field, enter the external IP address to be mapped to an address on the destination zone.

You can set the External IP Address to the IP address of external interface selected in step 4 or to any other address.

For example, if the virtual IP provides access from the Internet to a server on your internal network, the External IP Address must be a static IP address obtained from your ISP for this server. This address must be a unique address that is not used by another host. However, this address must be routed to the External Interface selected in step 4.

7Enter the External Service Port number for which to configure port forwarding.

The external service port number must match the destination port of the packets to be forwarded. For example, if the virtual IP provides access from the Internet to a Web server, the external service port number would be 80 (the HTTP port).

8In Map to IP, enter the real IP address on the destination network.

For example, the real IP address could be the IP address of a web server on an internal network.

9Set Map to Port to the port number to be added to packets when they are forwarded.

If you do not want to translate the port, enter the same number as the External Service Port.

If you want to translate the port, enter the port number to which to translate the destination port of the packets when they are forwarded by the firewall.

10Select the protocol to be used by the forwarded packets.

11Select OK to save the port forwarding virtual IP.

190

Fortinet Inc.

Page 189 Page 191
Page 190
Image 190
Fortinet 400 manual Adding port forwarding virtual IPs, 190
Page 189 Page 191
Top Page Image Contents