Firewall configuration

IP pools
Adding policies with virtual IPs

Use the following procedure to add a policy that uses a virtual IP to forward packets.

To add a policy with a virtual IP

1. Go to Firewall > Policy.

2. Select the type of policy that you want to add.

The source interface must match the interface selected in the External Interface list.

The destination interface must match the interface connected to the network with the Map to IP address.

3. Use the following information to configure the policy.

Source

Select the source address from which users can access the server.

Destination

Select the virtual IP.

Schedule

Select a schedule as required.

Service

Select the service that matches the Map to Service that you selected for the port-forwarding virtual IP.

Action

Set action to ACCEPT to accept connections to the internal server. You can also select DENY to deny access.

NAT

Select NAT if the firewall is protecting the private addresses on the destination network from the source network.

Authentication

Optionally select Authentication and select a user group to require users to authenticate with the firewall before accessing the server using port forwarding.

Log Traffic, Anti-Virus & Web filter

Select these options to log port-forwarded traffic and apply antivirus and web filter protection to this traffic.

4. Select OK to save the policy.
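The matching rules in steps 2 and 3 can be checked mechanically when reviewing port-forwarding policies. The following is an added example, not part of the original guide and not FortiGate code: the data model, the field names and the address name "all" are assumptions made for illustration, and all sample values are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical data model for this example; not a FortiGate export format.
@dataclass
class VirtualIP:
    name: str
    external_interface: str
    map_to_ip: str
    map_to_service: str  # set for a port-forwarding virtual IP

@dataclass
class Policy:
    src_interface: str
    dst_interface: str
    source: str
    destination: str  # name of the virtual IP
    service: str
    action: str
    authentication: bool = False
    log_traffic: bool = False

def check_vip_policy(policy, vip, interface_networks):
    """Return a list of findings; an empty list means the policy is consistent."""
    findings = []
    if policy.destination != vip.name:
        findings.append("destination is not the virtual IP")
    if policy.src_interface != vip.external_interface:
        findings.append("source interface does not match the External Interface")
    # The destination interface must be the one whose network holds the Map to IP.
    target = ipaddress.ip_address(vip.map_to_ip)
    owners = [name for name, net in interface_networks.items()
              if target in ipaddress.ip_network(net)]
    if policy.dst_interface not in owners:
        findings.append("destination interface is not on the Map to IP network")
    if policy.service != vip.map_to_service:
        findings.append("service does not match the Map to Service")
    # Review items: optional settings that limit exposure or add visibility.
    if policy.action == "ACCEPT" and not policy.log_traffic:
        findings.append("review: Log Traffic is off for port-forwarded traffic")
    if policy.action == "ACCEPT" and policy.source == "all" and not policy.authentication:
        findings.append("review: any source accepted without Authentication")
    return findings

# Constructed sample values.
NETWORKS = {"internal": "192.168.1.0/24", "external": "203.0.113.0/24"}
VIP = VirtualIP("web-vip", "external", "192.168.1.10", "HTTP")
GOOD = Policy("external", "internal", "partner-net", "web-vip", "HTTP", "ACCEPT", True, True)
BAD = Policy("internal", "external", "all", "web-vip", "HTTPS", "ACCEPT")
```

Calling check_vip_policy(GOOD, VIP, NETWORKS) returns an empty list, while the BAD policy yields one finding for each rule it breaks.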

IP pools

An IP pool (also called a dynamic IP pool) is a range of IP addresses added to a firewall interface. If you add IP pools to an interface, you can select Dynamic IP Pool when you configure a policy with the destination set to this interface. You can add an IP pool if you want to add NAT mode policies that translate source addresses to addresses randomly selected from the IP pool rather than being limited to the IP address of the destination interface.

For example, if you add an IP pool to the internal interface, you can select Dynamic IP pool for Ext->Int policies.

You can add multiple IP pools to any interface but only the first IP pool is used by the firewall.

This section describes:

Adding an IP pool

IP Pools for firewall policies that use fixed ports

IP pools and dynamic NAT

FortiGate-50A Installation and Configuration Guide
