Adding Static NAT Port Forwarding for an IP Address Range and a Port Range - Fortinet FortiGate-5000 Series Administration Manual


Firewall Virtual IP
Configuring virtual IPs

FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102

Figure 155: Virtual IP options; Static NAT port forwarding virtual IP for a single IP
address and a single port

4 Select OK.

To add static NAT virtual IP port forwarding for a single IP address and a
single port to a firewall policy

Add an external to dmz1 firewall policy that uses the virtual IP so that when users
on the Internet attempt to connect to the web server IP addresses, packets pass
through the FortiGate unit from the external interface to the dmz1 interface. The
virtual IP translates the destination addresses and ports of these packets from the
external IP to the dmz network IP addresses of the web servers.

1 Go to Firewall > Policy and select Create New.
2 Configure the firewall policy:

Source Interface/Zone         external
Source Address Name           All (or a more specific address)
Destination Interface/Zone    dmz1
Destination Address Name      Port_fwd_NAT_VIP
Schedule                      always
Service                       HTTP
Action                        ACCEPT

3 Select NAT.
4 Select OK.

Adding static NAT port forwarding for an IP address range and a port range

Ports 80 to 83 of addresses 192.168.37.4 to 192.168.37.7 on the Internet are
mapped to ports 8000 to 8003 of addresses 10.10.10.42 to 10.10.10.44 on a
private network. Attempts to communicate with 192.168.37.5, port 82 from the
Internet, for example, are translated and sent to 10.10.10.43, port 8002 by the
FortiGate unit. The computers on the Internet are unaware of this translation and
see a single computer at 192.168.37.5 rather than a FortiGate unit with a private
network behind it.
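
The range translation described above, expanded into the explicit list of published endpoints for policy review. This is an added example, not code from the Fortinet manual. It assumes the n-th external address and port map to the n-th mapped address and port (which matches the 192.168.37.5, port 82 example) and derives the mapped addresses from the first mapped address; the function names and the dictionary layout are hypothetical.

```python
# Added illustration, not Fortinet code. Assumption: the n-th external address and
# port map to the n-th mapped address and port (offset-based, one-to-one).
from ipaddress import IPv4Address


def _span(first, last):
    """Return how many values lie in the inclusive range first..last."""
    size = int(last) - int(first) + 1
    if size < 1:
        raise ValueError(f"range end {last} is below range start {first}")
    return size


def translate(vip, dst_ip, dst_port):
    """Return (mapped_ip, mapped_port) for a packet, or None if the VIP does not match."""
    ext_first, ext_last = (IPv4Address(a) for a in vip["ext_ip"])
    port_first, port_last = vip["ext_port"]
    if _span(port_first, port_last) != _span(*vip["map_port"]):
        raise ValueError("external and mapped port ranges differ in size")
    ip = IPv4Address(dst_ip)
    if not (ext_first <= ip <= ext_last and port_first <= dst_port <= port_last):
        return None  # outside the virtual IP: no translation
    mapped_ip = IPv4Address(vip["map_ip_start"]) + (int(ip) - int(ext_first))
    mapped_port = vip["map_port"][0] + (dst_port - port_first)
    return str(mapped_ip), mapped_port


def exposed_endpoints(vip):
    """List every external (ip, port) the VIP publishes with its internal target."""
    ext_first, ext_last = (IPv4Address(a) for a in vip["ext_ip"])
    rows = []
    for i in range(_span(ext_first, ext_last)):
        for port in range(vip["ext_port"][0], vip["ext_port"][1] + 1):
            ext = str(ext_first + i)
            rows.append(((ext, port), translate(vip, ext, port)))
    return rows


# Values from the paragraph above; the dictionary layout is constructed for this example.
PAGE_VIP = {
    "ext_ip": ("192.168.37.4", "192.168.37.7"),
    "ext_port": (80, 83),
    "map_ip_start": "10.10.10.42",
    "map_port": (8000, 8003),
}

if __name__ == "__main__":
    for (ext_ip, ext_port), (int_ip, int_port) in exposed_endpoints(PAGE_VIP):
        print(f"{ext_ip}:{ext_port} -> {int_ip}:{int_port}")
```

With these values the virtual IP publishes 16 address and port pairs. Under the offset assumption the fourth external address, 192.168.37.7, lands on 10.10.10.45, so compare the expanded list against the mapped range you intend to expose.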
