Adding Static Nat Port Forwarding For An Ip Address Range And A Port Range - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
Firewall Virtual IP
Adding static NAT port forwarding for an IP address range and a port range
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
Source Interface/Zone
Source Address
Destination
Interface/Zone
Destination Address
Schedule
Service
Action
3 Select NAT.
4 Select OK.
Ports 80 to 83 of addresses 192.168.37.4 to 192.168.37.7 on the Internet are mapped to
ports 8000 to 8003 of addresses 10.10.10.42 to 10.10.10.44 on a private network.
Attempts to communicate with 192.168.37.5, port 82 from the Internet, for example, are
translated and sent to 10.10.10.43, port 8002 by the FortiGate unit. The computers on the
Internet are unaware of this translation and see a single computer at 192.168.37.5 rather
than a FortiGate unit with a private network behind it.
Figure 258: Static NAT virtual IP port forwarding for an IP address range and a port range
example
To add static NAT virtual IP port forwarding for an IP address range and a port
range
1 Go to Firewall > Virtual IP > Virtual IP.
2 Select Create New.
3 Use the following procedure to add a virtual IP that allows users on the Internet to
connect to a web server on the DMZ network. In this example, the external interface of
the FortiGate unit is connected to the Internet and the dmz1 interface is connected to
the DMZ network.
Name
External Interface
Type
wan1
All (or a more specific address)
dmz1
Port_fwd_NAT_VIP
always
HTTP
ACCEPT
Port_fwd_NAT_VIP_port_range
external
Static NAT
Configuring virtual IPs
459
Advertisement
Table of Contents
