Firewall configuration

Virtual IPs

 

 

Figure 12: Adding a static NAT virtual IP

Adding port forwarding virtual IPs

To add port forwarding virtual IPs

1Go to Firewall > Virtual IP.

2Select New to add a virtual IP.

3Type a Name for the virtual IP.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

4Select the virtual IP External Interface from the list.

The external interface is the interface connected to the source network that receives the packets to be forwarded to the destination network.

5In the Type section, select Port Forwarding.

6Enter the External IP Address that you want to map to an address on the destination zone.

You can set the external IP address to the IP address of the external interface selected in step 4 or to any other address.

If the IP address of the external interface selected in step 4 is set using PPPoE or DHCP, you can enter 0.0.0.0 for the External IP Address. The FortiGate unit substitutes the IP address set for this external interface using PPPoE or DHCP.

For example, if the virtual IP provides access from the Internet to a server on your internal network, the external IP address must be a static IP address obtained from your ISP for this server. This address must be a unique address that is not used by another host. However, this address must be routed to the external interface selected in step 4. The virtual IP address and the external IP address can be on different subnets.

FortiGate-50A Installation and Configuration Guide

159

Page 159
Image 159
Fortinet 50A user manual Adding port forwarding virtual IPs, 159