Table of Contents
Advertisement
Configuring virtual IPs
Adding a static NAT virtual IP for an IP address range
258
To add a static NAT virtual IP for a single IP address to a firewall policy
Add a external to dmz1 firewall policy that uses the virtual IP so that when users
on the Internet attempt to connect to the web server IP address packets pass
through the FortiGate unit from the external interface to the dmz1 interface. The
virtual IP translates the destination address of these packets from the external IP
to the DMZ network IP address of the web server.
1
Go to Firewall > Policy and select Create New.
2
Configure the firewall policy:
Source Interface/Zone
Source Address Name
Destination Interface/Zone dmz1
Destination Address Name simple_static_nat
Schedule
Service
Action
3
Select NAT.
4
Select OK.
The IP address range 192.168.37.4-192.168.37.6 on the Internet is mapped to
10.10.10.42-10.10.123.44 on a private network. Packets from Internet computers
communicating with 192.168.37.4 are translated and sent to 10.10.10.42 by the
FortiGate unit. Similarly, packets destined for 192.168.37.5 are translated and
sent to 10.10.10.43, and packets destined for 192.168.37.6 are translated and
sent to 10.10.10.44. The computers on the Internet are unaware of this translation
and see three computers with individual IP addresses rather than a FortiGate unit
with a private network behind it.
Figure 152:Static NAT virtual IP for an IP address range example
To add a static NAT virtual IP for an IP address range
1
Go to Firewall > Virtual IP > Virtual IP.
2
Select Create New.
external
All (or a more specific address)
always
HTTP
ACCEPT
FortiGate Version 3.0 MR4 Administration Guide
Firewall Virtual IP
01-30004-0203-20070102
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
