Virtual Ips; Adding Static Nat Virtual Ips - Fortinet FortiGate FortiGate-60R Installation And Configuration Manual

Virtual IPs

Virtual IPs

Adding static NAT virtual IPs

158
Use virtual IPs to access IP addresses on a destination network that are hidden from
the source network by NAT security policies. To allow connections between these
networks, you must create a mapping between an address on the source network and
the real address on the destination network. This mapping is called a virtual IP.
For example, if the computer hosting your web server is located on your DMZ
network, it could have a private IP address such as 10.10.10.3. To get packets from
the Internet to the web server, you must have an external address for the web server
on the Internet. You must then add a virtual IP to the firewall that maps the external IP
address of the web server to the actual address of the web server on the DMZ
network. To allow connections from the Internet to the web server, you must then add
a WAN1->DMZ or WAN2->DMZ firewall policy and set Destination to the virtual IP.
You can create two types of virtual IPs:
Static NAT Used in to translate an address on a source network to a hidden address on
a destination network. Static NAT translates the source address of return
packets to the address on the source network.
Port Forwarding Used to translate an address and a port number on a source network to a
hidden address and, optionally, a different port number on a destination
network. Using port forwarding you can also route packets with a specific
port number and a destination address that matches the IP address of the
interface that receives the packets. This technique is called port forwarding
or port address translation (PAT). You can also use port forwarding to change
the destination port of the forwarded packets.
Note: If you use the setup wizard to configure internal server settings, the firewall adds port
forwarding virtual IPs and policies for each server that you configure.
Note: Virtual IPs are not required in Transparent mode.
This section describes:
• Adding static NAT virtual IPs
• Adding port forwarding virtual IPs
• Adding policies with virtual IPs
1 Go to Firewall > Virtual IP.
2 Select New to add a virtual IP.
3 Enter a Name for the virtual IP.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.
4 Select the virtual IP External Interface:
The External Interface is the interface connected to the source network that receives
the packets to be forwarded to the destination network.
5 Make sure Type is set to Static NAT.
Firewall configuration
Fortinet Inc.