Fortinet Fortigate-5000 series Administration Manual page 254

Virtual IPs
254
Static NAT Static NAT virtual IPs map an external IP address or IP address range
on a source network to a mapped IP address or IP address range on a
destination network.
Static NAT virtual IPs use one-to-one mapping. A single external IP
address is mapped to a single mapped IP address. A range of external
IP addresses is mapped to a corresponding range of mapped IP
addresses. A given IP address in the source address range is always
mapped to the same IP address in the destination address range.
Static NAT Port Static NAT port forwarding maps a single IP address or address range
and a single port number or port range on one network to a different
Forwarding
single IP address or address range and a different single port number
or port range on another network.
Static NAT port forwarding is also just called port forwarding. Static NAT
port forwarding virtual IPs use one-to-one mapping. A range of external
IP addresses is mapped to a corresponding range of mapped IP
addresses and a range of external port numbers is mapped to a
corresponding range of mapped port numbers.
Port forwarding virtual IPs can be used to configure the FortiGate unit
for port address translation (PAT).
Load Balancing Also called dynamic port forwarding. A load balancing virtual IP maps a
single IP address on one network to an IP address range on another
network.
Load balancing uses a one-to-many mapping and a load balancing
algorithm to assign the destination IP address from the IP address
range to ensure a more even distribution of traffic.
Load Balancing Load balancing with port forwarding maps a single IP address and port
number on one network to a range of IP addresses and a range of port
port forwarding
numbers on another network.
Load balancing port forwarding uses a one-to-many load balancing
algorithm to assign the destination IP address from the IP address
range to ensure a more even distribution of traffic, and also assigns the
destination port from the destination port number range.
Dynamic virtual If you set the external IP address of a virtual IP to 0.0.0.0, you create a
dynamic virtual IP in which any external IP address is translated to the
IPs
mapped IP address or IP address range.
Server Load Server load balancing maps a single IP on one network to up to eight
real server IPs on another network.
Balancing
At least one real address must be added to use this feature.
Server Load Server load balancing with port forwarding maps a single IP address
and port number on one network to up to eight specific server
Balancing port
addresses and eight specific ports on another network.
forwarding
You must add the virtual IP to a NAT firewall policy to actually implement the
mapping configured in the virtual IP. To add a firewall policy that maps addresses
on an external network to an internal network, you add an external to internal
firewall policy and add the virtual IP to the destination address field of the policy.
For example, if the computer hosting a web server is located on the internal
network, it might have a private IP address such as 10.10.10.42. To get packets
from the Internet to the web server, there must be an external address for the web
server on the Internet. Add a virtual IP to the firewall that maps the external IP
address of the web server on the Internet to the actual address of the web server
on the internal network. To allow connections from the Internet to the web server,
add an external to internal firewall policy and set the Destination Address to the
virtual IP.
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102
Firewall Virtual IP