How To Configure Port Forwarding In FortiGate Firewall

 

Mapping a specific IP address to another specific IP address is usually called Destination NAT (DNAT). 

When the central NAT table is not used, FortiOS calls this a Virtual IP address (VIP). DNAT, or VIP, is used to map an external IP address to an IP address or address range.

Port forwarding sets up public services on your network, such as web servers, FTP servers, e-mail servers, or other specialized Internet applications. When users send this type of request to your network via the Internet, the router forwards these requests to the appropriate computer.




How To Configure :



Suppose you have a Linux server where the SSH service is running on TCP port 22, but for security reasons or based on your requirements you don't want to expose this port to the public network, as everybody knows SSH runs on TCP port 22. So we are going to configure it on TCP port 3539 instead.


Case Study :

Linux Server IP : 192.168.50.42

WAN IP : 123.123.123.123

Internal Service Port : TCP 22

Outside Service Port : TCP 3539




Please find below the step by step configuration :



(1) Open the FortiGate firewall console



(2)  Go to Policy & Objects > Virtual IPs












(3) Click on Create New > Virtual IP












(4) Here is the configuration as per my case study. You can change the IPs and ports as per your requirements.







Click OK






(5) Now go to Policy & Objects > IPv4 Policy


 










Follow step 6 only if you have allowed specific traffic from WAN to LAN. If everything is allowed, you don't need to do this and the port should be accessible.


(6) Now go to your WAN to LAN policy and add the object name which you gave in step 4.
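
The same procedure in FortiOS CLI form, using the case-study values, as an added example that is not from the original post. The object names (ssh-3539, admin-src, wan-to-ssh-3539), the interface names (wan1, internal) and the source address 198.51.100.10 are assumptions; the policy limits the source rather than using "all", and its service is SSH (TCP 22) because the policy is matched after the VIP has translated the destination port.

```fortios
# Steps 2-4: Virtual IP with port forwarding (WAN 123.123.123.123:3539 -> 192.168.50.42:22)
config firewall vip
    edit "ssh-3539"
        # assumption: the WAN interface is named wan1
        set extintf "wan1"
        set extip 123.123.123.123
        set mappedip "192.168.50.42"
        set portforward enable
        set protocol tcp
        set extport 3539
        set mappedport 22
    next
end

# Assumption: a single known admin address (constructed documentation IP)
config firewall address
    edit "admin-src"
        set subnet 198.51.100.10 255.255.255.255
    next
end

# Steps 5-6: WAN to LAN policy with the VIP object as the destination
config firewall policy
    edit 0
        set name "wan-to-ssh-3539"
        set srcintf "wan1"
        # assumption: the LAN interface is named internal
        set dstintf "internal"
        # "all" here would accept connections from any Internet host
        set srcaddr "admin-src"
        set dstaddr "ssh-3539"
        set action accept
        set schedule "always"
        # post-translation port, so TCP 22 and not 3539
        set service "SSH"
        set logtraffic all
    next
end
```

With logtraffic set to all, every accepted connection to the forwarded port appears in the forward traffic log, which makes unexpected sources easy to spot.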












That's all! Enjoy.




Posted By : Kamlesh Gaur



Comments

  1. This is pretty simple when I did as you suggested. Thanks and keep blogging.
