Firewall configuration

Virtual IPs

This section describes:

• Adding static NAT virtual IPs
• Adding port forwarding virtual IPs
• Adding policies with virtual IPs

Adding static NAT virtual IPs

To add a static NAT virtual IP

1. Go to Firewall > Virtual IP.

2. Select New to add a virtual IP.

3. Type a Name for the virtual IP.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.

4. Select the virtual IP External Interface from the list.

The external interface is the interface connected to the source network that receives the packets to be forwarded to the destination network.

You can select any firewall interface or a VLAN subinterface.

You can set the virtual IP external interface to any FortiGate interface. Table 39 contains example virtual IP external interface settings and describes the policies that you can add the resulting virtual IP to.

Table 39: Virtual IP External Interface examples

External Interface | Description
internal | To map an internal address to an address on a network connected to another interface, VLAN subinterface, or zone. If you select internal, the static NAT virtual IP can be added to policies for connections from the internal interface or any zone containing the internal interface, to any other interface, VLAN subinterface, or zone.
external | To map an external address to an address on a network connected to another interface, VLAN subinterface, or zone. If you select external, the static NAT virtual IP can be added to policies for connections from the external interface or any zone containing the external interface, to any other interface, VLAN subinterface, or zone.

5. In the Type section, select Static NAT.

6. Enter the External IP Address that you want to map to an address on the destination network.

For example, if the virtual IP provides access from the Internet to a web server on a destination network, the external IP address must be a static IP address obtained from your ISP for your web server. This address must be a unique address that is not used by another host and cannot be the same as the IP address of the external interface selected in step 4. However, this address must be routed to this interface. The virtual IP address and the external IP address can be on different subnets.

If the IP address of the external interface selected in step 4 is set using PPPoE or DHCP, you can enter 0.0.0.0 for the external IP address. The FortiGate unit substitutes the IP address set for this external interface using PPPoE or DHCP.
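A pre-change check for the rules stated in steps 3 and 6, as an added example that is not part of the FortiGate guide or any Fortinet tool. The function name, the interface mode labels ("static", "dhcp", "pppoe") and the sample addresses are assumptions made for this illustration; rejecting 0.0.0.0 on a statically addressed interface is this example's reading of the text above.

```python
import ipaddress
import re

# Step 3: digits, letters, '-' and '_' only; spaces and other characters are rejected.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")
UNSPECIFIED = ipaddress.IPv4Address("0.0.0.0")


def check_static_nat_vip(name, ext_ip, iface_ip, iface_mode, used_ips=()):
    """Return a list of rule violations for a proposed static NAT virtual IP.

    iface_ip / iface_mode describe the external interface chosen in step 4
    (iface_ip may be None when the address is assigned dynamically).
    used_ips are addresses already known to be assigned to other hosts.
    """
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: only 0-9, A-Z, a-z, '-' and '_' are allowed")
    try:
        ext = ipaddress.IPv4Address(ext_ip)
    except ipaddress.AddressValueError:
        return problems + ["external IP: not a valid IPv4 address"]
    if ext == UNSPECIFIED:
        # 0.0.0.0 asks the unit to substitute the PPPoE/DHCP-assigned address.
        if iface_mode not in ("dhcp", "pppoe"):
            problems.append("external IP: 0.0.0.0 needs a PPPoE or DHCP interface")
        return problems
    if iface_ip is not None and ext == ipaddress.IPv4Address(iface_ip):
        problems.append("external IP: same as the external interface address")
    if ext in {ipaddress.IPv4Address(ip) for ip in used_ips}:
        problems.append("external IP: already used by another host")
    return problems


if __name__ == "__main__":
    # Constructed sample values from the documentation address ranges.
    samples = [
        ("web_server-1", "203.0.113.10", "203.0.113.1", "static"),
        ("web server", "203.0.113.1", "203.0.113.1", "static"),
        ("dyn_vip", "0.0.0.0", None, "pppoe"),
    ]
    for sample in samples:
        print(sample[0], "->", check_static_nat_vip(*sample) or "ok")
```

The check covers only what can be decided from the definition itself; whether the external IP address is actually routed to the selected interface still has to be confirmed on the network.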

FortiGate-800 Installation and Configuration Guide
