Adding Port Forwarding Virtual Ips - Fortinet FortiGate FortiGate-50R Installation And Configuration Manual

Firewall configuration

Adding port forwarding virtual IPs

10
FortiGate-50R Installation and Configuration Guide
7 In the Map to IP field, enter the real IP address on the destination network, for
example, the IP address of a web server on an internal network.
Note: The firewall translates the source address of outbound packets from the host with the
Map to IP address to the virtual IP External IP Address, instead of the firewall external address.
8 Select OK to save the virtual IP.
You can now add the virtual IP to firewall policies.
1 Go to Firewall > Virtual IP.
2 Select New to add a virtual IP.
3 Enter a Name for the virtual IP.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.
4 Select the virtual IP External Interface. The External Interface is the interface
connected to the source network that receives the packets to be forwarded to the
destination network.
5 Change Type to Port Forwarding.
6 In the External IP Address field, enter the external IP address to be mapped to an
address on the destination zone.
You can set the External IP Address to the IP address of external interface selected in
step 4 or to any other address.
If the IP address of the External interface selected in step
DHCP, you can enter 0.0.0.0 for the External IP Address. The FortiGate unit
substitutes the IP address set for this external interface using PPPoE or DHCP.
For example, if the virtual IP provides access from the Internet to a server on your
internal network, the External IP Address must be a static IP address obtained from
your ISP for this server. This address must be a unique address that is not used by
another host. However, this address must be routed to the External Interface selected
in step 4.
7 Enter the External Service Port number for which to configure port forwarding.
The external service port number must match the destination port of the packets to be
forwarded. For example, if the virtual IP provides access from the Internet to a Web
server, the external service port number would be 80 (the HTTP port).
8 In Map to IP, enter the real IP address on the destination network.
For example, the real IP address could be the IP address of a web server on an
internal network.
9 Set Map to Port to the port number to be added to packets when they are forwarded.
If you do not want to translate the port, enter the same number as the External Service
Port.
If you want to translate the port, enter the port number to which to translate the
destination port of the packets when they are forwarded by the firewall.
Select the protocol to be used by the forwarded packets.
Virtual IPs
4 is set using PPPoE or
133